Some spam servers use MX records pointing to IANA reserved address ranges or wildcard addresses.
These servers can be blocked by Postfix with the following steps:
1. Create /etc/postfix/bogus_mx.cidr with the following content:
Quote:
# Reserved Ranges
0.0.0.0/8 REJECT IP address of MX is IANA reserved range
10.0.0.0/8 REJECT IP address of MX is a RFC1918 address
127.0.0.0/8 REJECT IP address of MX is IANA reserved range
169.254.0.0/16 REJECT IP address of MX is a APIPA address
172.16.0.0/12 REJECT IP address of MX is a RFC1918 address
192.0.2.0/24 REJECT IP address of MX is IANA reserved range
192.168.0.0/16 REJECT IP address of MX is a RFC1918 address
198.18.0.0/15 REJECT IP address of MX is IANA reserved range
224.0.0.0/3 REJECT IP address of MX is IANA reserved range
240.0.0.0/12 REJECT IP address of MX is IANA reserved range
# WILDCARDS
62.4.64.119 REJECT IP address of MX host is a wild-card NU.
64.18.138.88 REJECT IP address of MX host is a wild-card CG.&RW.
64.70.19.33 REJECT IP address of MX host is a wild-card WS.
69.25.75.72 REJECT IP address of MX host is a wild-card NU.
72.51.27.58 REJECT IP address of MX host is a wild-card CM.
75.101.130.205 REJECT IP address of MX host is a wild-card MP.
193.33.61.2 REJECT IP address of MX host is a wild-card TK.
195.178.186.40 REJECT IP address of MX host is a wild-card ST.
195.20.32.103 REJECT IP address of MX host is a wild-card TK.
203.119.4.28 REJECT IP address of MX host is a wild-card PH.
208.87.149.250 REJECT IP address of MX host is a wild-card pjn.qsrch.net.
209.172.59.196 REJECT IP address of MX host is a wild-card TK.
212.181.91.6 REJECT IP address of MX host is a wild-card NU.
217.119.57.22 REJECT IP address of MX host is a wild-card TK.
222.231.8.226 REJECT IP address of MX host is a wild-card KR.
2. Configure Postfix:
Add the following before permit_mynetworks to smtpd_sender_restrictions of your /etc/postfix/main.cf:
Quote:
check_sender_mx_access cidr:/etc/postfix/bogus_mx.cidr
3. Reload Postfix:
Quote:
postfix reload
4. Keep your wildcard section up to date (I do it once a week)
This can be done with the following script (It takes a while to run...):
Thx to Uwe Driessen, Jan P. Kessler, Ralph Hildebrandt and Andreas Winkelmann from the German Postfixbuch-Mailinglist for creating this script... I hope I did not miss somebody!
Quote:
#!/bin/bash
curl -s ftp://ftp.internic.net/domain/root.zone.gz | \
gunzip -c | \
awk ' / NS / {if (length($1) > 1) print "_."$1}' | \
sort -u | \
# About the sort:
sort -b -t. -k1,1n -k2,2n -k3,3n -k4,4n| \
# sorts IPv4 addresses numerically by the 1st, 2nd, 3rd and 4th number
dig -f - +noall +answer | \
awk ' $5 ~ /[0-9]+\.[0-9]+\./ {
gsub("_.","",$1);
print $5" REJECT IP address of MX host is a wild-card "$1
}' | \
sort -g | \
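awk ' BEGIN{
    oline=""; }
# Merge consecutive lines for the same IP: field 11 is the TLD, joined with "&"
{
    if (NR>1) {
        if( length(oline) > 0) {
            split(oline,arr);
            if ($1==arr[1]) {
                # same IP as the pending line: append this TLD to it
                oline=oline"&"$11;
            }
            else {
                # new IP: emit the pending line and start a new one
                print oline;
                oline=$0;
            }
        }
        else {
            oline=$0;
        }
    }
    else {
        oline=$0;
    }
}
END{ print oline;}'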
Noticed? This was a oneliner :-)
5. That's it
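
Before reloading Postfix it helps to check what the table from step 1 will actually do. The following is an added example, not part of the original page or the mailing list's script: it parses a table in the "pattern action" form used above, returns the action of the first matching entry (cidr: tables are searched in file order), and lists entries that can never match because an earlier network already covers them. The function names and the embedded sample are constructed for illustration; IF/ENDIF blocks and negated patterns are not handled.

```python
import ipaddress

# Constructed sample: a few entries taken from the table in step 1.
SAMPLE_TABLE = """\
10.0.0.0/8 REJECT IP address of MX is a RFC1918 address
224.0.0.0/3 REJECT IP address of MX is IANA reserved range
240.0.0.0/12 REJECT IP address of MX is IANA reserved range
# WILDCARDS
64.18.138.88 REJECT IP address of MX host is a wild-card CG.&RW.
"""

def parse_table(text):
    """Return [(network, action)] in file order; raise ValueError on a bad pattern."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = (line.split(None, 1) + [""])[:2]
        try:
            net = ipaddress.ip_network(pattern, strict=True)  # host bits set -> ValueError
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        rules.append((net, action.strip()))
    return rules

def lookup(rules, address):
    """Action of the first rule containing the address, or None if nothing matches."""
    ip = ipaddress.ip_address(address)
    for net, action in rules:
        if ip.version == net.version and ip in net:
            return action
    return None

def shadowed(rules):
    """Rules that can never fire because an earlier network already covers them."""
    hits = []
    for i, (net, _) in enumerate(rules):
        for earlier, _ in rules[:i]:
            if earlier.version == net.version and net.subnet_of(earlier):
                hits.append((str(net), str(earlier)))
                break
    return hits

if __name__ == "__main__":
    rules = parse_table(SAMPLE_TABLE)
    for addr in ("10.20.30.40", "64.18.138.88", "198.51.100.7"):
        print(addr, "->", lookup(rules, addr))
    print("shadowed:", shadowed(rules))
```

Run against the full table from step 1, the only shadowed entry is 240.0.0.0/12, which is already covered by 224.0.0.0/3.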