[HowTo] Block bogus sender mx in postfix...
rbtux
Post: #1
Some spam servers use MX records pointing to IANA reserved address ranges or wildcard addresses.

These servers can be blocked by Postfix with the following steps:

1. Create /etc/postfix/bogus_mx.cidr with the following content:
Quote:
# Reserved Ranges
0.0.0.0/8 REJECT IP address of MX is IANA reserved range
10.0.0.0/8 REJECT IP address of MX is a RFC1918 address
127.0.0.0/8 REJECT IP address of MX is IANA reserved range
169.254.0.0/16 REJECT IP address of MX is a APIPA address
172.16.0.0/12 REJECT IP address of MX is a RFC1918 address
192.0.2.0/24 REJECT IP address of MX is IANA reserved range
192.168.0.0/16 REJECT IP address of MX is a RFC1918 address
198.18.0.0/15 REJECT IP address of MX is IANA reserved range
224.0.0.0/3 REJECT IP address of MX is IANA reserved range
240.0.0.0/12 REJECT IP address of MX is IANA reserved range


# WILDCARDS
62.4.64.119 REJECT IP address of MX host is a wild-card NU.
64.18.138.88 REJECT IP address of MX host is a wild-card CG.&RW.
64.70.19.33 REJECT IP address of MX host is a wild-card WS.
69.25.75.72 REJECT IP address of MX host is a wild-card NU.
72.51.27.58 REJECT IP address of MX host is a wild-card CM.
75.101.130.205 REJECT IP address of MX host is a wild-card MP.
193.33.61.2 REJECT IP address of MX host is a wild-card TK.
195.178.186.40 REJECT IP address of MX host is a wild-card ST.
195.20.32.103 REJECT IP address of MX host is a wild-card TK.
203.119.4.28 REJECT IP address of MX host is a wild-card PH.
208.87.149.250 REJECT IP address of MX host is a wild-card pjn.qsrch.net.
209.172.59.196 REJECT IP address of MX host is a wild-card TK.
212.181.91.6 REJECT IP address of MX host is a wild-card NU.
217.119.57.22 REJECT IP address of MX host is a wild-card TK.
222.231.8.226 REJECT IP address of MX host is a wild-card KR.


2. Configure Postfix:
Add the following before permit_mynetworks to smtpd_sender_restrictions of your /etc/postfix/main.cf:
Quote:
check_sender_mx_access cidr:/etc/postfix/bogus_mx.cidr

3. Reload Postfix:
Quote:
postfix reload

4. Keep your wildcard section up to date (I do it once a week)
This can be done with the following script (it takes a while to run...):
Thx to Uwe Driessen, Jan P. Kessler, Ralph Hildebrandt and Andreas Winkelmann from the German Postfixbuch-Mailinglist for creating this script... I hope I did not miss somebody!
Quote:
#!/bin/bash

# Build one "_.<tld>." query name per TLD from the root zone.
curl -s ftp://ftp.internic.net/domain/root.zone.gz |
gunzip -c |
# Test the record-type field, so tab- and space-separated zone files both match.
awk ' $4 == "NS" {if (length($1) > 1) print "_."$1}' |
sort -u |
# Resolve every "_.<tld>." name; a TLD that answers with an address is a wildcard.
dig -f - +noall +answer |
awk ' $5 ~ /[0-9]+\.[0-9]+\./ {
    gsub("_.","",$1);
    print $5" REJECT IP address of MX host is a wild-card "$1
}' |
# About the sort: sorts IPv4 addresses numerically by 1st, 2nd, 3rd and 4th number.
sort -b -t. -k1,1n -k2,2n -k3,3n -k4,4n |
# Merge consecutive lines that share an IP address into one entry ("TLD1&TLD2").
awk ' BEGIN{
    oline=""; }
{
    if (NR>1) {
        if( length(oline) > 0) {
            split(oline,arr);
            if ($1==arr[1]) {
                oline=oline"&"$11;
            }
            else {
                print oline;
                oline=$0;
            }
        }
        else {
            oline=$0;
        }
    }
    else {
        oline=$0;
    }
}
END{ print oline;}'

Noticed? This was a oneliner :-)

5. That's it
(This post was last modified: 01-16-2009 06:44 AM by rbtux.)
11-13-2007 06:47 AM
BeNe
Post: #2
Cool!

Thanks a lot....very useful!

Greez BeNe
11-13-2007 06:50 AM
pgentoo
Post: #3
You have a small typo.

In one point you call the file bogus_mx.cider, and the other spot you call it bogus_mx.cidr.

Not a big issue, just figured I'd let you know.

-
Jesse
12-02-2007 09:28 AM
rbtux
Post: #4
thanks jesse

fixed it...
12-02-2007 09:32 AM
rbtux
Post: #5
updated bogus wildcard mx list...
12-02-2007 09:48 AM
raphael
Post: #6
Better turn on anti-spoofing protection (see /etc/sysctl.conf), and use linblock with a list from bluetack. See:
http://nas-central.org/index.php/Peer_Gu...(Linblock) (etch has all the cpan modules, no need to download from cpan.org).
12-05-2007 10:44 AM
rbtux
Post: #7
Well, the two methods do not serve the same purpose...

The sender-mx method blocks addresses that must not be used as MX hosts, or addresses that are wildcards and therefore could be used by every domain...

The method you mentioned depends on third party listings which at least I would not use unscored... This purpose is well done by policyd-weight...

But every admin should know for himself how to stay spam-free (or at least nearly spam-free)
(This post was last modified: 12-05-2007 05:08 PM by rbtux.)
12-05-2007 05:07 PM
rbtux
Post: #8
updated list...
12-19-2007 08:03 PM
rbtux
Post: #9
updated bogus list...

you may do so too ;-)
01-16-2009 06:44 AM