
I can't stop SPAM email on my Ubuntu server with Postfix.

I blocked the SPAM server in Postfix by adding these lines to sender_access:

smtp02.emaillo.pl REJECT
emaillo.pl REJECT

and I even blocked all communication at the host.deny level by adding:

ALL: 185.70.36.24
ALL: 185.70.36.

Of course I restarted the machine. I still receive a lot of emails. Here is the header of an email from that server:

From - Thu Jan 12 08:32:55 2017
X-Account-Key: account3
X-UIDL: UID117996-1235585685
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <14x18297.1915.431494101@info.emaillo.pl>
X-Original-To: orasoft@orasoft.net.pl
Delivered-To: orasoft@orasoft.net.pl
Received: from localhost (localhost [127.0.0.1])
    by mail.orasoft.net.pl (Postfix) with ESMTP id B3568230342
    for <orasoft@orasoft.net.pl>; Wed, 11 Jan 2017 15:11:18 +0100 (CET)
X-Virus-Scanned: amavisd-new at orasoft.net.pl
X-Spam-Flag: NO
X-Spam-Score: 2.848
X-Spam-Level: **
X-Spam-Status: No, score=2.848 tagged_above=2 required=6.31
    tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    HTML_MESSAGE=0.001, RAZOR2_CF_RANGE_51_100=0.5,
    RAZOR2_CF_RANGE_E8_51_100=1.886, RAZOR2_CHECK=0.922,
    RCVD_IN_BRBL_LASTEXT=1.449, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01,
    UNPARSEABLE_RELAY=0.001] autolearn=no
Authentication-Results: mail.orasoft.net.pl (amavisd-new);
    dkim=pass (1024-bit key) header.d=emaillo.pl
Received: from mail.orasoft.net.pl ([91.235.238.33])
    by localhost (mail.orasoft.net.pl [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id HWRQoQFfHgHW for <orasoft@orasoft.net.pl>;
    Wed, 11 Jan 2017 15:11:16 +0100 (CET)
Received: from smtp02.emaillo.pl (smtp02.emaillo.pl [185.70.36.24])
    by mail.orasoft.net.pl (Postfix) with ESMTP id 648CF22FFE7
    for <orasoft@orasoft.net.pl>; Wed, 11 Jan 2017 15:11:16 +0100 (CET)
Received: from smtp02.emaillo.pl (smtp02.emaillo.pl [185.70.36.24])
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emaillo.pl; s=default;
    t=1484143789; bh=riutoAPPvXxo9l8M3cnJDTxaRwA=;
    h=From:To:Reply-To:Date:Subject:List-Unsubscribe;
    b=p68tdznlGV/sSzkmDoHvxijZZ8DmQJoFutu6o34eO3sxz2Cwe1URpx0vfiKVIKfGo
     dIBfy/Jc7+AtO7SSbn7EgwY5iIx4ywWvhsvUf1BrDgwdr4XwdD9t6E2NQJLQ7Wh/pw
     D/vzT+sg2vBBxo3XinAJM67JLjihxUezZkUYBvIU=

Any suggestions on how to stop it? I'm very confused :(

ArtLion

1 Answer


To stop the SPAM you can add this IP address to iptables:
iptables -I INPUT -s 185.70.36.24 -p tcp --dport 25 -j REJECT
Provide the smtpd_sender_restrictions variable from main.cf.
Also provide the full mail headers.

Yuriy Zhigulskiy
  • The question is not on-topic for Stack Overflow as defined in the [help]. Please don't answer such questions; instead, you should flag them for attention and they will be closed or migrated appropriately. – Toby Speight Jan 13 '17 at 11:06
  • Is host.deny not closing all connections from 185.70.36.24? Do I need to add an additional line in iptables (as I understand it, it will only block communication on port 25)? I was thinking that host.deny stops all communication between this IP address and my server. Isn't that right? – ArtLion Jan 13 '17 at 11:31
  • It is the full header - the rest is the topic and just the email – ArtLion Jan 13 '17 at 11:37
  • smtpd_sender_restrictions = reject_unknown_sender_domain, reject_sender_login_mismatch, reject_non_fqdn_sender, reject_unknown_address, reject_unauth_pipelining, permit – ArtLion Jan 13 '17 at 11:39
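
A diagnostic sketch for the situation in this thread, added here as an example (it is not code from the question or the answer): it reads the Received hop stamped by the asker's own server, then checks whether the sender_access entries would match the envelope sender and whether the posted smtpd_sender_restrictions contains a check_sender_access entry at all. The function names and the simplified access(5) matching are assumptions of this example, and the sample headers are a constructed subset of those quoted in the question.

```python
import re
from email import message_from_string

# Constructed sample: a subset of the headers quoted in the question.
SAMPLE = """\
Return-Path: <14x18297.1915.431494101@info.emaillo.pl>
Received: from localhost (localhost [127.0.0.1])
    by mail.orasoft.net.pl (Postfix) with ESMTP id B3568230342
Received: from mail.orasoft.net.pl ([91.235.238.33])
    by localhost (mail.orasoft.net.pl [127.0.0.1]) (amavisd-new, port 10024)
Received: from smtp02.emaillo.pl (smtp02.emaillo.pl [185.70.36.24])
    by mail.orasoft.net.pl (Postfix) with ESMTP id 648CF22FFE7
"""
# Values taken from the question and from the asker's last comment.
SENDER_ACCESS = ["smtp02.emaillo.pl", "emaillo.pl"]
RESTRICTIONS = ("reject_unknown_sender_domain, reject_sender_login_mismatch, "
                "reject_non_fqdn_sender, reject_unknown_address, "
                "reject_unauth_pipelining, permit")

HOP = re.compile(r"from\s+\S+\s+\((\S*)\s*\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def external_hop(raw, own_host, own_ips):
    """Newest Received hop that own_host wrote for a client outside own_ips.
    Only hops stamped by your own server can be trusted; older ones are sender-supplied."""
    for rec in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(rec.split()))  # unfold continuation lines first
        if m and m.group(3) == own_host and m.group(2) not in own_ips:
            return m.group(1), m.group(2)
    return None

def matching_key(table_keys, address):
    """First table key a sender lookup for this envelope address would hit.
    Simplified model of access(5): the full address, then the domain and each
    parent domain (default while parent_domain_matches_subdomains lists smtpd_access_maps)."""
    addr = address.strip("<>").lower()
    labels = addr.rsplit("@", 1)[1].split(".")
    candidates = [addr] + [".".join(labels[i:]) for i in range(len(labels))]
    return next((k for k in candidates if k in table_keys), None)

def map_is_consulted(restrictions, check="check_sender_access"):
    """An access table is only read when a check_*_access entry names it;
    this looks for that entry in the posted restriction list."""
    return check in re.split(r"[,\s]+", restrictions)

if __name__ == "__main__":
    own_ips = {"127.0.0.1", "91.235.238.33"}
    print("client:", external_hop(SAMPLE, "mail.orasoft.net.pl", own_ips))
    print("matching key:", matching_key(SENDER_ACCESS, message_from_string(SAMPLE)["Return-Path"]))
    print("map consulted:", map_is_consulted(RESTRICTIONS))
```

On the values from this page, the existing `emaillo.pl` entry does match the envelope sender at `info.emaillo.pl`, but the posted restriction list has no `check_sender_access` entry, so that list never consults the table.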