Postfix: Blocking persistent SPAM senders (goodbye airtelbroadband.in)

At the moment about 90% of our SPAM is coming from India and China (the Russians seem to be on holiday). Of the Indian SPAM, the majority originates from airtelbroadband.in.

Like many ISPs, Airtelbroadband don’t seem to care that they are being used to send spam. Sometimes our only recourse is to reject all emails sent from a specific host or group of hosts. This can be done using Postfix smtpd client restrictions.

You could use a mapping file for this, but I prefer to use MySQL for Postfix filters, as this means that I can easily update them. This can be set up as follows:

  1. Create a database table to hold the filters:
    CREATE TABLE smtpd_client_restrictions (
      host VARCHAR(256),
      result VARCHAR(256),
      INDEX (host)
    );
  2. Add the restrictions. The host field can be the host name or IP address of the sending server.
    INSERT INTO smtpd_client_restrictions
    VALUES('airtelbroadband.in','REJECT 554 SPAM not tolerated here');
  3. We can also add an explicit allow (in the rare case when there is a valid sender):
    INSERT INTO smtpd_client_restrictions
    VALUES('goodhost.airtelbroadband.in','OK');
  4. Tell postfix how to use the database. Create /etc/postfix/smtpd_client_restrictions.cf:
    hosts = 127.0.0.1
    user = your_database_user
    password = your_database_pass
    dbname = your_database_name
    query = SELECT result FROM smtpd_client_restrictions WHERE host = '%s'

    [Postfix will try to match the client hostname and IP address against the database, starting with the full name/address and then removing the least significant parts one at a time (leading labels of the hostname, trailing octets of the address) until it finds a match.]

  5. Add the rule into the postfix recipient restrictions in /etc/postfix/main.cf:
    [We add the rule to recipient restrictions to keep all the restrictions in one place, and because we can combine it with other restrictions, such as SASL to allow authenticated users through. reject_unauth_destination comes before our lookup so that an OK result from the table lets a host deliver mail to us but never relay through us. Continuation lines in main.cf must start with whitespace.]

    smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,
        check_client_access mysql:/etc/postfix/popbsmtp.cf,
        reject_unauth_destination,
        check_client_access mysql:/etc/postfix/smtpd_client_restrictions.cf,
        reject_rbl_client bl.spamcop.net,reject_rbl_client sbl-xbl.spamhaus.org,
        reject_invalid_hostname
  6. Finally, restart postfix and watch your SPAM levels drop...
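
Before relying on the table, it helps to see which row a given client will actually hit. The following is an added example, not part of the original post: a small Python model of the lookup order described in step 4, with an in-memory SQLite table standing in for MySQL. The client hostnames and addresses are constructed, and the `203.0.113` row is an assumed extra entry to show network matching.

```python
import sqlite3

# Constructed rows: the two INSERTs from this page plus one assumed
# network entry (documentation address range) to show IP prefix matching.
ROWS = [
    ("airtelbroadband.in", "REJECT 554 SPAM not tolerated here"),
    ("goodhost.airtelbroadband.in", "OK"),
    ("203.0.113", "REJECT 554 SPAM not tolerated here"),
]

def make_db():
    """In-memory SQLite stand-in for the MySQL table (assumption: same columns)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE smtpd_client_restrictions (host TEXT, result TEXT)")
    db.executemany("INSERT INTO smtpd_client_restrictions VALUES (?, ?)", ROWS)
    return db

def lookup_keys(client_name, client_ip):
    """Keys in the order check_client_access tries them (IPv4-only model):
    hostname, its parent domains, then the address and shorter prefixes."""
    keys = []
    labels = client_name.lower().split(".")
    for i in range(len(labels)):            # strip the leftmost label each round
        keys.append(".".join(labels[i:]))
    octets = client_ip.split(".")
    for i in range(len(octets), 0, -1):     # strip the rightmost octet each round
        keys.append(".".join(octets[:i]))
    return keys

def client_access(db, client_name, client_ip):
    """Return (matched_key, result) for the first hit, or (None, 'DUNNO')."""
    for key in lookup_keys(client_name, client_ip):
        row = db.execute(
            "SELECT result FROM smtpd_client_restrictions WHERE host = ?", (key,)
        ).fetchone()
        if row:
            return key, row[0]
    return None, "DUNNO"  # no match: the next restriction in main.cf decides

if __name__ == "__main__":
    db = make_db()
    for name, ip in [
        ("dsl-1.del.airtelbroadband.in", "198.51.100.7"),  # parent domain hit
        ("goodhost.airtelbroadband.in", "198.51.100.8"),   # specific OK wins
        ("unknown", "203.0.113.25"),   # no usable reverse name: matched by network
        ("mail.example.org", "192.0.2.10"),                # untouched
    ]:
        print(name, ip, "->", client_access(db, name, ip))
```

The most specific key is tried first, which is why the `goodhost` entry overrides the domain-wide REJECT regardless of the order in which the rows were inserted.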

Date: March 25, 2015

Category: Linux Admin Tips, SPAM

Author: John Taylor
