* * * * * A most persistent spam, part VI It seems that “Aleksandr [1]” may have changed his name to “Mayboroda,” but it looks like it's the same type of weird spam I've since blocked successfully. Only here, reader Roberto found a way to block the spam for users of Postfix [2] (and I did get Roberto's permission to post this email): > From: Robysampler > To: sean@conman.org > Subject: About "Mayboroda_aleks" on your personal blog > Date: Sun, 16 Jan 2022 23:04:07 +0100 > > Dear Mr. Sean > > My name is Roberto from Italy. > > i've read your personal blog about the mayboroda aleks spammer, who's > bothering me, filling my own company email since one and half years, at > least. > > as you figured out "Mayboroda", keeps changing IPs and domain/subdomains to > evade every try to block him. > > luckly, my company mail is served by a linux machine i own, so i have > direct access to it, and as final solution i've choose to do some fine > tuning in postfix config. > > i've add inside postfix "main.cf" file: > > -----[ data ]----- > smtpd_recipient_restrictions = check_sender_access regexp:/etc/postfix/rejected.senders > -----[ END OF LINE ]----- > > then i've add in "rejected.senders": > > -----[ data ]----- > /s[0-9]{1,2}.[a-z]*.ru/ REJECT > /info@.[a-z]*.ru/ REJECT > -----[ END OF LINE ]----- > > in this case you'll provide to your postfix daemon, some rejecting rules > based on regular expressions. > > based on hundreds of mails "Mayboroda" has sent me, i figured out the main > pattern for his emails usually are > > info@randomdomain.ru > > or > > something@s(1 or 2 numbers).randomdomain.ru > > after setting up your postfix you can check out the result using the > command > > -----[ shell ]----- > postmap -q "your test email here" regexp:/etc/postfix/rejected.senders > -----[ END OF LINE ]----- > > for example > > -----[ shell ]----- > postmap -q "info@s4.mayboroda.ru" regexp:/etc/postfix/rejected.senders > -----[ END OF LINE ]----- > > the shell returns REJECT > > this will works until "Mayboroda" will continue to use the same pattern in > the mail sender > > I hope you'll appreciate my advices. > > have a nice day and happy new year > > Roberto > > Best Regards > I do appreciate your advice, Roberto. Thank you. I'm sure other people will find this useful as well. [1] gopher://gopher.conman.org/0Phlog:2021/07/20.2 [2] http://www.postfix.org/ Email Sean Conner at sean@conman.org .