Score:0

Server

Postfix block spam email address

Tarik

6/19/24, 5:32 PM

I have an smtp relay server on ubuntu 22.04.Config below:

main.cf(Postfix 3.6.4)

# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.pem
smtpd_tls_security_level=may
smtp_use_tls=yes
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
myhostname = mail.example.com
mydomain = mail.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost.$mydomain, localhost, $myhostname
relayhost =
#relay_domains = gmail.com, google.com, mail.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 35.190.247.0/24 64.233.160.0/19 66.102.0.0/20 66.249.80.0/20 72.14.192.0/18 74.125.0.0/16 108.177.8.0/21 173.194.0.0/16 209.85.128.0/17 216.58.192.0/19 216.239.32.0/19 [2001:4860:4000::]/36 [2404:6800:4000::]/36 [2607:f8b0:4000::]/36 [2800:3f0:4000::]/36 [2a00:1450:4000::]/36 [2c0f:fb50:4000::]/36 172.217.0.0/19 172.217.32.0/20 172.217.128.0/19 172.217.160.0/20 172.217.192.0/19 172.253.56.0/21 172.253.112.0/20 108.177.96.0/19 35.191.0.0/16 130.211.0.0/22
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4

milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

The server is configured to limit the subnets of Google mail servers. However, after a while, they start receiving a lot of alerts by type:

Jun 19 15:59:27 mail postfix/smtp[1317360]: 96B363F433: host gmail-smtp-in.l.google.com[64.233.164.27] said: 452-4.2.2 The email account that you tried to reach is over quota. Please direct 452-4.2.2 the recipient to 452 4.2.2  https://support.google.com/mail/?p=OverQuotaTemp r10-20020a19ac4a000000b004f3af9f6f49si7648022lfc.477 - gsmtp (in reply to RCPT TO command)
Jun 19 15:59:27 mail postfix/smtp[1317297]: 99B5C3F424: host gmail-smtp-in.l.google.com[64.233.164.27] said: 452-4.2.2 The email account that you tried to reach is over quota. Please direct 452-4.2.2 the recipient to 452 4.2.2  https://support.google.com/mail/?p=OverQuotaTemp w11-20020ac25d4b000000b004f4cdfda284si7609404lfd.591 - gsmtp (in reply to RCPT TO command)
Jun 19 15:59:26 mail postfix/smtp[1317294]: 0C6BF3F460: to=<[email protected]>, relay=alt1.gmail-smtp-in.l.google.com[142.250.157.27]:25, delay=4084, delays=4077/3.8/2.9/0.54, dsn=4.2.2, status=deferred (host alt1.gmail-smtp-in.l.google.com[142.250.157.27] said: 452-4.2.2 The email account that you tried to reach is over quota. Please direct 452-4.2.2 the recipient to 452 4.2.2  https://support.google.com/mail/?p=OverQuotaTemp le7-20020a170902fb0700b001ac6b926624si71393plb.122 - gsmtp (in reply to RCPT TO command))
Jun 19 15:59:26 mail postfix/smtp[1317297]: 15E253F4C1: to=<[email protected]>, relay=alt1.gmail-smtp-in.l.google.com[142.250.157.27]:25, delay=4078, delays=4071/3.8/2.8/0.6, dsn=4.2.2, status=deferred (host alt1.gmail-smtp-in.l.google.com[142.250.157.27] said: 452-4.2.2 The email account that you tried to reach is over quota. Please direct 452-4.2.2 the recipient to 452 4.2.2  https://support.google.com/mail/?p=OverQuotaTemp cm2-20020a17090afa0200b0025bafac22e9si29382pjb.157 - gsmtp (in reply to RCPT TO command))

How can I block such mass relay requests? What is the best service for this? Whether it is possible to block somehow that the rayleigh could go only from the corporate domain? An important point is that the server is used to send emails from Google Workspace, it is necessary that the blocking does not affect the forwarding of corporate emails. More thanks for your help.

104

0 + 10

ubuntu

postfix

block

Nikita Kipriyanov

6/19/24, 5:39 PM

Please add more log information about those mails; `grep -P "96B363F433|99B5C3F424|0C6BF3F460|15E253F4C1" mail.log`. We need to understand how those mails *originated* or how they appear on your server and how they were processed, not only how they were rejected by Gmail.

Nikita Kipriyanov

6/19/24, 5:43 PM

Also, your `mynetworks` looks **waaaaay** too broad. You have an **open relay**. There are tons of information in Internet why open relay is bad, including several answered questions here. Ideally mynetworks should be **empty** or only has localhost in it, and you **absolutely** should be going in that direction. Remove all that crap from it except localhost and configure everything to be authenticated. How in the hell it appeared there in the first place, who put it there?

djdomi

6/19/24, 5:47 PM

does I read correctly, my network includes nearly about more als 50 percent of the internet? wow what a spam(my) relay. I think that you may not know what my network is

Nikita Kipriyanov

6/19/24, 5:50 PM

It is worth saying `fail2ban` has absolutely nothing do to with this question; I'll going to remove it from tags. Also I surprised Gmail didn't refused to talk with this system from the start and only rejected because the target is over quota (am I correct?). I believe **very soon** the IP of this system will be in all possible spam blocklists and nobody will be going to even talk with this spam relay.

Tarik

6/19/24, 5:51 PM

Something I expected to see :) In fact, I'm happy to remove this entire subnet from the server's relay. However, google workspace does not allow you to connect to the server using some access data, you can only specify the host and connection port in the control panel.

Tarik

6/19/24, 5:54 PM

How can I then restrict forwarding through my server to my organization's domain without using google's subnet.

Nikita Kipriyanov

6/19/24, 5:54 PM

So you created an open relay to "solve" some other problem. How about giving a password to your server, right here, so somebody will be able to connect to it and solve this new problem? That will be not much more dangerous and stupid thing to do, really. Set `mynetworks = 127.0.0.0/8 [::1]/128` and then there will be topic to talk further. And, about Google Workspace — ask *another* question with details specific to that.

Tarik

6/19/24, 6:01 PM

`Jun 19 18:00:12 mail postfix/smtpd[1365426]: NOQUEUE: reject: RCPT from mail-qv1-f69.google.com[209.85.219.69]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-qv1-f69.google.com> Jun 19 18:00:12 mail postfix/smtpd[1365426]: disconnect from mail-qv1-f69.google.com[209.85.219.69] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7` I've made the changes you mentioned, I'm currently getting the following error.

Nikita Kipriyanov

6/19/24, 6:09 PM

You have also to drop the queue. I think during the stretch of time you had an open relay there appeared a queue of such mails. Check with `postqueue -p`, and remove either selectively, only mails you don't know are yours, or just all: `postsuper -d <postfix-id>` or `postsuper -d ALL`. Read postqueue and postsuper man pages for details.

Tarik

6/19/24, 6:17 PM

Thanks for your answers, I ran the postsuper -d ALL command. This is my test bench, so the loss of letters is not important. I still get the previously mentioned error. Could you tell me how can I enable email relay from my corporate email? Or is it better to create a separate question for this?

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Postfix block spam email address

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.