In Postfix, how do I block all clients whose reverse DNS is in a domain?

sg flag

I just got hit by a spammer sending spam through my mail server from multiple IP addresses in various netblocks all with a reverse lookup ending in googleusercontent.com. (I haven't figured out how; my server kept replying "reject" to some while letting others through.) I'd like to block all IP addresses in the domain. I have this in my main.cf:

smtpd_relay_restrictions = permit_mynetworks
        check_recipient_access hash:/etc/postfix/recipient
        permit_sasl_authenticated
        reject_unauth_destination
        check_client_access hash:/etc/postfix/rbl_override
        check_sender_access pcre:/etc/postfix/domains
        reject_rbl_client <several lines like this for blocklists>

rbl_override has several IP addresses (some with only three numbers, i.e. a netblock) followed by OK or REJECT. Does it make sense to put googleusercontent.com in rbl_override? Is there a way to block all IP addresses whose reverse DNS is in this domain?

(reject_unauth_destination was after the RBLs while the spam was getting through.)

HBruijn avatar
in flag
AFAIK you can use a Postfix [`access` map](https://www.postfix.org/access.5.html) to apply access controls and, for example, block all hosts in a particular domain. In `/etc/postfix/access` add, for example, `googleusercontent.com REJECT`.
Pierre Abbat avatar
sg flag
I don't have `/etc/postfix/access`. What do I put in `main.cf`?
HBruijn avatar
in flag
The manual page includes an EXAMPLE chapter with instructions on how to implement that.
anx avatar
fr flag
There is a difference between a) refusing senders that cannot be bothered to change their reverse association from what their provider has set up as a verbose default, or b) refusing any sender using the services of that provider, including those having configured a custom name. Which do you want?
Pierre Abbat avatar
sg flag
Which of the many Postfix manual pages?
Pierre Abbat avatar
sg flag
All the IP addresses that sent spam that I found in deferred had `googleusercontent.com` in their reverse lookup. Blocking everything with that reverse lookup should be sufficient. I think I'll do this temporarily and remove the block if I hear back from Google that they've removed the account or fixed the security hole or whatever.
Pierre Abbat avatar
sg flag
I added `googleusercontent.com REJECT` to `rbl_override` and am waiting to see what happens if another connect attempt comes from there.
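The lookups discussed in the comments above (a domain entry in `rbl_override` matching the client's reverse name, IP entries with only three numbers matching a netblock, and anx's point that a custom reverse name escapes the domain entry), as an added example that is not part of this thread. It models how Postfix's `check_client_access` consults an access(5) table; the table contents and client records are constructed, and the assumptions about lookup order are stated in the comments.

```python
# Added example, not code from the thread or from Postfix itself: a small model
# of how check_client_access consults an access(5) table for one client.
# Assumptions (labelled): keys are tried in the order client hostname, each of
# its parent domains, then the client IPv4 address and its shorter prefixes;
# the default parent_domain_matches_subdomains setting is in effect, so the key
# "googleusercontent.com" also matches "x.googleusercontent.com"; a client with
# no usable reverse DNS ("unknown") gets no hostname lookup at all.

# Constructed stand-in for hash:/etc/postfix/rbl_override after adding the
# domain line from the thread (keys lowercased, as postmap stores them).
RBL_OVERRIDE = {
    "googleusercontent.com": "REJECT",
    "192.0.2": "OK",            # a trusted /24 listed by its first three numbers
    "198.51.100.7": "REJECT",   # a single host listed by full address
}

def hostname_keys(hostname):
    """Keys tried for the client hostname: the name, then each parent domain."""
    if hostname in ("", "unknown"):     # no usable PTR: hostname step is skipped
        return []
    labels = hostname.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def address_keys(address):
    """Keys tried for an IPv4 client: the address, then each shorter prefix."""
    octets = address.split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]

def client_access(table, hostname, address):
    """Return (action, matched_key) for the first matching entry, else None."""
    for key in hostname_keys(hostname) + address_keys(address):
        if key in table:
            return table[key], key
    return None

# Constructed clients mirroring the cases raised in the thread.
CLIENTS = [
    ("35.123.45.67.bc.googleusercontent.com", "35.123.45.67"),  # provider default PTR
    ("mail.example.org", "35.123.45.68"),                        # custom PTR, same provider
    ("unknown", "198.51.100.7"),                                 # no PTR, listed by IP
    ("host.example.net", "192.0.2.9"),                           # inside the trusted /24
]

if __name__ == "__main__":
    for hostname, address in CLIENTS:
        print(f"{hostname:40} {address:15} -> {client_access(RBL_OVERRIDE, hostname, address)}")
```

The second client shows anx's caveat: a sender on the same provider with a custom reverse name is not caught by the domain entry, only by an IP or prefix entry.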