* * * * *

A most persistent spam, part VII

I received a follow-up message from Roberto [1] about the “Aleksandr” [2] Russian spam emails:

> From: Robysampler
> To: Sean Conner
> Subject: Re: About "Mayboroda_aleks" on your personal blog
> Date: Mon, 17 Jan 2022 17:33:35 +0100
>
> Hi Sean.
>
> Thanks very much for your fast reply.
>
> I have some good news about "Mayboroda"
>
> here are some lines of my postfix log showing "Mayboroda" has tried again,
> sending me some spam today:
>
> -----[ data ]-----
> Jan 17 11:48:47 mydomain postfix/smtpd[23894]: warning: hostname tefalongo.ru does not resolve to address 185.186.3.10
> Jan 17 11:48:47 mydomain postfix/smtpd[23894]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; from= to= proto=ESMTP helo=
> Jan 17 12:18:49 mydomain postfix/smtpd[24258]: warning: hostname tefalongo.ru does not resolve to address 185.186.3.10
> Jan 17 12:18:49 mydomain postfix/smtpd[24258]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; from= to= proto=ESMTP helo=
> Jan 17 12:18:49 mydomain postfix/smtpd[24258]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; from= to= proto=ESMTP helo=
> Jan 17 12:48:49 mydomain postfix/smtpd[24629]: connect from s7.kroshem.ru[185.186.3.10]
> Jan 17 12:48:49 mydomain postfix/smtpd[24629]: NOQUEUE: reject: RCPT from s7.kroshem.ru[185.186.3.10]: 554 5.7.1 : Sender address rejected: Access denied; from= to= proto=ESMTP helo=
> -----[ END OF LINE ]-----
>
> in particular the last line shows that the regular expression has found a
> match on "info@s7.kroshem.ru" and replied "Sender address rejected: Access
> denied" and REJECTED the incoming Email.
>
> there are some other tweaks you can implement into your "main.cf" postfix
> configuration file that will help you to avoid junk emails
>
> the following is a partial extract from my postfix "main.cf" configuration:
>
> -----[ data ]-----
> smtpd_recipient_restrictions = permit_mynetworks,
>     permit_sasl_authenticated,
>     # check recipients by regular expression
>     check_sender_access regexp:/etc/postfix/rejected.senders,
>     check_policy_service unix:private/policyd-spf,
>     # check if domain or IP is flagged as spam in Spamhaus database
>     reject_rhsbl_helo dbl.spamhaus.org,
>     # check if domain or IP is flagged as spam in Spamhaus database
>     reject_rhsbl_reverse_client dbl.spamhaus.org,
>     # check if domain or IP is flagged as spam in Spamhaus database
>     reject_rhsbl_sender dbl.spamhaus.org,
>     # check if domain or IP is flagged as spam in Spamhaus database
>     reject_rbl_client zen.spamhaus.org
>
> smtpd_sender_restrictions = permit_mynetworks,
>     permit_sasl_authenticated,
>     # Reject the request when the client IP address has no address->name mapping.
>     reject_unknown_reverse_client_hostname,
>     # Reject the request when 1) the client IP address->name mapping fails, or
>     # 2) the name->address mapping fails, or
>     # 3) the name->address mapping does not match the client IP address.
>     reject_unknown_client_hostname,
>     # Reject the request when Postfix is not the final destination for the sender address
>     reject_unknown_sender_domain
> -----[ END OF LINE ]-----
>
> Many of these tweaks I've implemented were taken from the document at the
> following webpage:
>
> http://www.armellin.com/friends/postfix/postconf.5.html [3]
>
> Feel free to publish our conversation in your blog as you wish.
>
> It's nice to help other people to get rid of the plague of "Mayboroda" :D
>
> Thanks Sean
>
> Best Regards
>
> Roberto

Thank you again, Roberto.
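
An added example, not part of the original post or of Roberto's e-mail: tallying the smtpd reject lines from a log like the one quoted above, per client IP, separating 4xx deferrals from 5xx rejections. The sample lines are constructed from the quoted excerpt (the recipient and HELO values are placeholders), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log excerpt above. The envelope sender is
# the address named in the e-mail; recipient and HELO values are placeholders.
_TAIL = "from=<info@s7.kroshem.ru> to=<user@example.org> proto=ESMTP helo=<mail.example.net>"
SAMPLE_LOG = "\n".join([
    "Jan 17 11:48:47 mydomain postfix/smtpd[23894]: warning: hostname tefalongo.ru does not resolve to address 185.186.3.10",
    "Jan 17 11:48:47 mydomain postfix/smtpd[23894]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; " + _TAIL,
    "Jan 17 12:18:49 mydomain postfix/smtpd[24258]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; " + _TAIL,
    "Jan 17 12:48:49 mydomain postfix/smtpd[24629]: connect from s7.kroshem.ru[185.186.3.10]",
    "Jan 17 12:48:49 mydomain postfix/smtpd[24629]: NOQUEUE: reject: RCPT from s7.kroshem.ru[185.186.3.10]: 554 5.7.1 <info@s7.kroshem.ru>: Sender address rejected: Access denied; " + _TAIL,
])

REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from (?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"(?P<code>[45]\d\d) (?P<dsn>\d\.\d+\.\d+) (?P<text>.*?); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def parse_rejects(log_text):
    """Return one dict per smtpd NOQUEUE reject line; other lines are skipped."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := REJECT.match(line))]

def summarize(rejects):
    """Per client IP: count deferrals (4xx) and hard rejects (5xx), list reasons."""
    out = defaultdict(lambda: {"temp": 0, "perm": 0, "senders": set(), "reasons": []})
    for r in rejects:
        entry = out[r["ip"]]
        entry["temp" if r["code"].startswith("4") else "perm"] += 1
        entry["senders"].add(r["sender"])
        # Drop the optional "<address>: " prefix, keep the text before the next colon.
        reason = re.sub(r"^<[^>]*>: ", "", r["text"]).split(":")[0]
        if (r["code"], reason) not in entry["reasons"]:
            entry["reasons"].append((r["code"], reason))
    return dict(out)

if __name__ == "__main__":
    for ip, s in summarize(parse_rejects(SAMPLE_LOG)).items():
        print(ip, f"deferred={s['temp']} rejected={s['perm']}", s["reasons"])
```

The 450 replies are temporary failures, so the client comes back (here at 30-minute intervals); the 554 from the sender access table is final.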

[1] gopher://gopher.conman.org/0Phlog:2021/01/16.1
[2] gopher://gopher.conman.org/0Phlog:2021/07/20.2
[3] http://www.armellin.com/friends/postfix/postconf.5.html

Email Sean Conner at sean@conman.org.