Blocking SPAM at MTA level in postfix

From Notes_Wiki
Revision as of 16:55, 15 January 2017 by Saurabh (talk | contribs) (Created page with "<yambe:breadcrumb>Postfix_server_configuration|Postfix server configuration</yambe:breadcrumb> =Blocking SPAM at MTA level in postfix= Refer https://www.howtoforge.com/block_...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

<yambe:breadcrumb>Postfix_server_configuration|Postfix server configuration</yambe:breadcrumb>

Blocking SPAM at MTA level in postfix

Refer https://www.howtoforge.com/block_spam_at_mta_level_postfix and use section 2 Postfix 2.x configuration

Then test by sending emails from popular providers such as Gmail, Yahoo, etc. If you see log lines such as:

   Sep 22 09:26:22 mail postfix/smtpd[12999]: NOQUEUE: reject: RCPT from mail-lf0-f50.google.com[209.85.215.50]: 554 5.7.1 Service unavailable; Client host [209.85.215.50] blocked using dnsbl.sorbs.net; Currently Sending Spam See: http://www.sorbs.net/lookup.shtml?209.85.215.50; from=<jitendders@gmail.com> to=<jitender@rekallsoftware.com> proto=ESMTP helo=<mail-lf0-f50.google.com>

then it might make sense to remove corresponding blacklist. For example after above log lines dnsbl.sorbs.net can be removed to allow incoming emails from Gmail


How to query DNSBL blacklists using dig to check for blacklisting

To query a blacklist use commands similar to:

   dig +short -t any 50.215.85.209.dnsbl.sorbs.net
   dig +short -t any 50.215.85.209.zen.spamhaus.org

Typically outputs that start with 127.0.0. indicate that given IP is known for sending spams.

Refer https://www.spamhaus.org/faq/section/DNSBL%20Usage#366