From: VR on
Hello list,

This was in my log:

Sep 4 16:24:15 mail postfix/smtpd[31423]: connect from
n17.bullet.mail.mud.yahoo.com[68.142.206.144]

Sep 4 16:24:16 mail postfix/smtpd[31423]: 3FD852BC70:
client=n17.bullet.mail.mud.yahoo.com[68.142.206.144]

Sep 4 16:24:16 mail postfix/cleanup[31437]: 3FD852BC70:
message-id=<639585.34191.qm(a)web111820.mail.gq1.yahoo.com>

Sep 4 16:24:16 mail postfix/qmgr[19613]: 3FD852BC70:
from=<daysmontrealhotelcanada(a)yahoo.ca>, size=9438, nrcpt=1 (queue active)

Sep 4 16:24:16 mail postfix/local[31438]: 3FD852BC70:
to=<userAlias(a)iotk.net>, orig_to=<userReal(a)iotk.com>, relay=local,
delay=0.65, delays=0.62/0.02/0/0.01, dsn=2.0.0, status=sent (delivered
to mailbox)

Sep 4 16:24:16 mail postfix/qmgr[19613]: 3FD852BC70: removed

Sep 4 16:24:16 mail postfix/smtpd[31423]: disconnect from
n17.bullet.mail.mud.yahoo.com[68.142.206.144]


I'm guessing relayed but the message content was unquestionably spam.

I am not being inundated with these, but it got me wondering; what
elegant ways might be available to deal with spam originating from
"legitimate" SMTP sources (assuming we can loosely label Yahoo as such)
when stuff like this occurs?

From: mouss on
VR wrote:
> Hello list,
>
> This was in my log:
>
> Sep 4 16:24:15 mail postfix/smtpd[31423]: connect from
> n17.bullet.mail.mud.yahoo.com[68.142.206.144]
>
> Sep 4 16:24:16 mail postfix/smtpd[31423]: 3FD852BC70:
> client=n17.bullet.mail.mud.yahoo.com[68.142.206.144]
>
> Sep 4 16:24:16 mail postfix/cleanup[31437]: 3FD852BC70:
> message-id=<639585.34191.qm(a)web111820.mail.gq1.yahoo.com>
>
> Sep 4 16:24:16 mail postfix/qmgr[19613]: 3FD852BC70:
> from=<daysmontrealhotelcanada(a)yahoo.ca>, size=9438, nrcpt=1 (queue active)
>
> Sep 4 16:24:16 mail postfix/local[31438]: 3FD852BC70:
> to=<userAlias(a)iotk.net>, orig_to=<userReal(a)iotk.com>, relay=local,
> delay=0.65, delays=0.62/0.02/0/0.01, dsn=2.0.0, status=sent (delivered
> to mailbox)
>
> Sep 4 16:24:16 mail postfix/qmgr[19613]: 3FD852BC70: removed
>
> Sep 4 16:24:16 mail postfix/smtpd[31423]: disconnect from
> n17.bullet.mail.mud.yahoo.com[68.142.206.144]
>
>
> I'm guessing relayed but the message content was unquestionably spam.
>
> I am not being inundated with these, but it got me wondering; what
> elegant ways might be available to deal with spam originating from
> "legitimate" SMTP sources (assuming we can loosely label Yahoo as such)
> when stuff like this occurs?
>


use a content filter (spamassassin, ...).
From: Benny Pedersen on
On Fri 04 Sep 2009 11:46:15 PM CEST, mouss wrote
>> when stuff like this occurs?
> use a content filter (spamassassin, ...).

Add a policyd plugin that blacklists the sender in policyd, and Postfix
rejects spam from that sender if there is more. But Yahoo uses DKIM, so
maybe send an ARF spam report back to them?

The SpamAssassin plugin does not exist; it's just a wild wish from me to
extend policyd v1 for me :)

--
xpoint
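
The log excerpt in the first post can be tied back to one sender and one client by its queue ID, which is the pair a sender blocklist entry or an abuse report needs. The following is an added example, not code from any poster in the thread; the function names `trace_messages` and `delivered_senders` are hypothetical, and the sample input is the posted log unwrapped to one entry per line.

```python
import re

# Constructed input: the log entries from the first post, unwrapped to one
# entry per line; the archive's "(a)" address obfuscation is kept as-is.
SAMPLE_LOG = """\
Sep 4 16:24:15 mail postfix/smtpd[31423]: connect from n17.bullet.mail.mud.yahoo.com[68.142.206.144]
Sep 4 16:24:16 mail postfix/smtpd[31423]: 3FD852BC70: client=n17.bullet.mail.mud.yahoo.com[68.142.206.144]
Sep 4 16:24:16 mail postfix/cleanup[31437]: 3FD852BC70: message-id=<639585.34191.qm(a)web111820.mail.gq1.yahoo.com>
Sep 4 16:24:16 mail postfix/qmgr[19613]: 3FD852BC70: from=<daysmontrealhotelcanada(a)yahoo.ca>, size=9438, nrcpt=1 (queue active)
Sep 4 16:24:16 mail postfix/local[31438]: 3FD852BC70: to=<userAlias(a)iotk.net>, orig_to=<userReal(a)iotk.com>, relay=local, delay=0.65, delays=0.62/0.02/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Sep 4 16:24:16 mail postfix/qmgr[19613]: 3FD852BC70: removed
Sep 4 16:24:16 mail postfix/smtpd[31423]: disconnect from n17.bullet.mail.mud.yahoo.com[68.142.206.144]
"""

# "daemon[pid]: QUEUEID: rest" -- connect/disconnect lines carry no queue ID.
ENTRY = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)$")
FIELDS = {
    "client": re.compile(r"^client=(\S+?)\[([^\]]+)\]"),
    "message_id": re.compile(r"^message-id=<([^>]*)>"),
    "sender": re.compile(r"^from=<([^>]*)>"),
    "recipient": re.compile(r"^to=<([^>]*)>"),
    "orig_to": re.compile(r"\borig_to=<([^>]*)>"),
    "status": re.compile(r"\bstatus=(\w+)"),
}

def trace_messages(log_text):
    """Group Postfix log entries by queue ID into one record per message."""
    messages = {}
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        qid, rest = entry.groups()
        rec = messages.setdefault(qid, {})
        for name, rx in FIELDS.items():
            hit = rx.search(rest)
            if hit and name == "client":
                rec["client_host"], rec["client_ip"] = hit.groups()
            elif hit and name == "recipient":
                rec.setdefault("recipients", []).append(hit.group(1))
            elif hit:
                rec[name] = hit.group(1)
    return messages

def delivered_senders(messages):
    """(sender, client_ip) pairs for delivered mail: candidates for a sender
    blocklist or an abuse report once the content is confirmed as spam."""
    return sorted({(r["sender"], r["client_ip"]) for r in messages.values()
                   if r.get("status") == "sent" and {"sender", "client_ip"} <= r.keys()})
```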