/^dsl.*\..*\..*/i 553 AUTO_DSL spam
/[ax]dsl.*\..*\..*/i 553 AUTO_XDSL spam
/client.*\..*\..*/i 553 AUTO_CLIENT spam
/cable.*\..*\..*/i 553 AUTO_CABLE spam
/pool.*\..*\..*/i 553 AUTO_POOL spam
/dial.*\..*\..*/i 553 AUTO_DIAL spam
/ppp.*\..*\..*/i 553 AUTO_PPP spam
/dslam.*\..*\..*/i 553 AUTO_DSLAM spam
/node.*\..*\..*/i 553 AUTO_NODE spamПодключение для Postfix: в main.cf, к smtpd_client_restrictions списку добавить regexp:путь
URL:
Обсуждается: http://www.opennet.me/tips/info/623.shtml
Сделал как написано, но постфикс как ни в чём не бывало принимает почту с таких хостов :/И ещё - постфикс напроч игнорирует записи в access типа
.rr.com 550 Sorry, your host blacklisted
В чём может быть дело?
Разобрался. В main.conf было две строчки
smtpd_client_restrictions
Открыл недавно несколько возможностей в Постфиксе для отсеивания нежелательной почты на этапе HELO.
Теперь у меня сервер отсеивает от 90 до 98% почты
сразу. Антивирус (clamAV) и SA отдыхают. Коэффициент SA задрал до 7.3. Все равно до него мало что доходит.
Итак в main.cf стоит:
smtpd_recipient_restrictions =
permit_mynetworks,
reject_non_fqdn_recipient,
reject_unauth_destination,
check_helo_access hash:/etc/postfix/helo_checks,
check_helo_access pcre:/etc/postfix/helo_checks_pcre,
check_sender_access hash:/etc/postfix/sender_checks,
check_client_access hash:/etc/postfix/client_checks,
check_sender_mx_access cidr:/etc/postfix/mx_access,
check_recipient_mx_access cidr:/etc/postfix/mx_access,
reject_rbl_client relays.ordb.org,
reject_rbl_client sbl.spamhaus.org,
reject_unknown_sender_domain,
reject_unknown_recipient_domain#/etc/postfix/helo_checks:
# This file has to be "compiled" with "postmap"# Reject anybody that HELO's as being in our own domain(s)
# (Note that if you followed the order suggested in the main.cf
# examples, above, that machines in mynetworks will be okay.)<Мой домен> REJECT You are not in trala.la
# Somebody HELO'ing with our IP address?
<мой IP> REJECT You are not meЭто хорошо помогает против вирус и зомби.
#/etc/postfix/helo_checks.pcre:
#
# Note: You must have PCRE support support built in to Postfix at
# compile time to use this.
#
# No, you won't find this entry in my "smtpd_recipient_restrictions,"
# above. I'm not doing this check (at this time).
#
# If you want to be really picky about it: HELO'ing with an IP
# address is RFC-compliant - *if* it's enclosed in square-brackets
# ("[]"s). (One would think "reject_invalid_hostname" checks for
# this, but it does not.)
#
# Somebody HELO'ing with a non-RFC-compliant dotted-quad IP
# address? For shame! (I don't do this check, btw.)
#
# Initial expression
#/^[0-9]+(\.[0-9]+){3}$/ REJECT Invalid hostname (plain D)
# expression modified by Eugene 22.03.2005
/[^[] *[0-9]+((\.|-)[0-9]+){3}/ REJECT Invalid hostname (ipable)
#
/(modem|dia(l|lup)|dsl|p[cp]p|cable|catv|poo(l|les)|dhcp|client|customer|user|[0
-9]{4,})(-|\.|[0-9])/ REJECT Invalid hostname (client)
#
/[0-9]+-[0-9]+/ REJECT Invalid hostname (D-D)О других файлах можно почитать в руководствах.
Если есть вопросы, спрашивайте :-)
Больше всего сработок дают эти два приведенных здесь файла.
А как сделать то же самое на sendmail?
как сделать такое же для qmail?
Способ проще, работает в Exim:
/(^|[0-9.-])([axv]dsl|[ck]lient|cable|pool|dial|ppp|dslam|node)/
>Способ проще, работает в Exim:
>/(^|[0-9.-])([axv]dsl|[ck]lient|cable|pool|dial|ppp|dslam|node)/вы не подскажете, куда именно это в экзиме записать? То есть полную строку из конфига, а не один регэксп.
#*******************************************
# IP address: (([0-9]){3}-){2}
#*******************************************# No one will use these in helo command.
/^localhost$/ REJECT Go away, bad guy (localhost).
/^localhost.localdomain$/ REJECT Go away, bad guy (localhost.localdomain).# Reject who use IP address as helo.
# Correct: [xxx.xxx.xxx.xxx]
# Incorrect: xxx.xxx.xxx.xxx
/^[0-9.]+$/ REJECT Go away, bad guy (not RFC compliant).#
# This is the real HELO identify of these ISPs:
# sohu.com websmtp.sohu.com relay2nd.mail.sohu.com
# 126.com m15-78.126.com
# 163.com m31-189.vip.163.com m13-49.163.com
# sina.com mail2-209.sinamail.sina.com.cn
# gmail.com xx-out-NNNN.google.com
#
/^126\.com$/ REJECT Go away, bad guy (126.com).
/^163\.com$/ REJECT Go away, bad guy (163.com).
/^163\.net$/ REJECT Go away, bad guy (163.net).
/^sohu\.com$/ REJECT Go away, bad guy (sohu.com).
/gmail\.com$/ REJECT Go away, bad guy (gmail.com).
/^google\.com$/ REJECT Go away, bad guy (google.com).
/^yahoo\.com\.cn$/ REJECT Go away, bad guy (yahoo.com.cn).
/^yahoo\.co\.jp$/ REJECT Go away, bad guy (yahoo.co.jp).#
# Spammers.
#
/^728154EA470B4AA\.com$/ REJECT Go away, bad guy (728154EA470B4AA.com).
/^dsldevice\.lan$/ REJECT Go away, bad guy (dsldevice.lan).
/^taj-co\.com$/ REJECT Go away, bad guy (taj-co.com).
/^CF8D3DB045C1455\.net$/ REJECT Go away, bad guy (CF8D3DB045C1455.net).
/^dsgsfdg\.com$/ REJECT Go away, bad guy (dsgsfdg.com).
/^se\.nit7-ngbo\.com$/ REJECT Go away, bad guy (se.nit7-ngbo.com).
/^mail\.goo\.ne\.jp$/ REJECT Go away, bad guy (mail.goo.ne.jp).
/^n-ong_an\.com$/ REJECT Go away, bad guy (n-ong_an.com).
/^e5\.il\.n5tt\.zj\.cn$/ REJECT Go away, bad guy (e5.il.n5tt.zj.cn).
/^meqail\.teamefs-ine5tl\.com$/ REJECT Go away, bad guy (meqail.teamefs-ine5tl.com).
/^zzg\.jhf-sp\.com$/ REJECT Go away, bad guy (zzg.jhf-sp.com).
/^din_glo-ng\.net$/ REJECT Go away, bad guy (din_glo-ng.net).
/^fda-cnc\.ie\.com$/ REJECT Go away, bad guy (fda-cnc.ie.com).
/^yrtaj-yrco\.com$/ REJECT Go away, bad guy (yrtaj-yrco.com).
/^m\.am\.biz\.cn$/ REJECT Go away, bad guy (m.am.biz.cn).
/^xr_haig\.roup\.com$/ REJECT Go away, bad guy (xr_haig.roup.com).
/^hjn\.cn$/ REJECT Go away, bad guy (hjn.cn).
/^we_blf\.com\.cn$/ REJECT Go away, bad guy (we_blf.com.cn).
/^netvigator\.com$/ REJECT Go away, bad guy (netvigator.com).
/^mysam\.biz$/ REJECT Go away, bad guy (mysam.biz).
/^mail\.teams-intl\.com$/ REJECT Go away, bad guy (mail.teams-intl.com).
/^seningbo\.com$/ REJECT Go away, bad guy (seningbo.com).
/^nblf\.com\.cn$/ REJECT Go away, bad guy (nblf.com.cn).
/^kdn\.ktguide\.com$/ REJECT Go away, bad guy (kdn.ktguide.com).
/^zzsp\.com$/ REJECT Go away, bad guy (zzsp.com).
/^nblongan\.com$/ REJECT Go away, bad guy (nblongan.com).
/^dpu\.cn$/ REJECT Go away, bad guy (dpu.cn).
/^mail\.nbptt\.zj\.cn$/ REJECT Go away, bad guy (mail.nbptt.zj.cn).
/^nbalton\.com$/ REJECT Go away, bad guy (nbalton.com).
/^cncie\.com$/ REJECT Go away, bad guy (cncie.com).
/^xinhaigroup\.com$/ REJECT Go away, bad guy (xinhaigroup.com).
/^system.mail$/ REJECT Go away, bad guy (system.mail).
/^wz\.com$/ REJECT Go away, bad guy (wz.com).
/^speedtouch\.lan$/ REJECT Go away, bad guy (speedtouch.lan).
/^dsldevice\.lan$/ REJECT Go away, bad guy (dsldevice.lan).
/\.zj.cn$/ REJECT Go away, bad guy (.zj.cn).
/\.kornet$/ REJECT Go away, bad guy (.kornet).
/\.zj.cn$/ REJECT Go away, bad guy (.zj.cn).
/\.local$/ REJECT Go away, bad guy (.local).#
# Reject adsl spammers.
#
/adsl/ REJECT Go away, bad guy (adsl).
/dynamic/ REJECT Go away, bad guy (dynamic)
/\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}/ REJECT Go away (dynamic).
/pppoe/ REJECT Go away, bad guy (pppoe).
/dsl\.brasiltelecom\.net\.br/ REJECT Go away, bad guy (dsl.optinet.hr)
/dsl\.optinet\.hr/ REJECT Go away, bad guy (dsl.telesp.net.br)
/dsl\.telesp\.net\.br/ REJECT Go away, bad guy (dialog)
/dialup/ REJECT Go away, bad guy (dialup)
/dhcp/ REJECT Go away, bad guy (dhcp)
/dhcp\.stls\.mo\.charter\.com/ REJECT Go away, bad guy (dhcp.stls.mo.charter.com)
/pool-/ REJECT Go away, bad guy (pool-)
/^cpe-/ REJECT Go away, bad guy (cpe-)
/\.cpe\./ REJECT Go away, bad guy (.cpe.)/speedy\.com\.ar$/ REJECT Go away, bad guy (speedy.com.ar)
/speedyterra\.com\.br$/ REJECT Go away, bad guy (speedyterra.com.br)
/static\.sbb\.rs$/ REJECT Go away, bad guy (static.sbb.rs)
/static\.vsnl\.net\.in$/ REJECT Go away, bad guy (static.vsnl.net.in)/advance\.com\.ar/ REJECT Go away, bad guy
/airtelbroadband\.in/ REJECT Go away, bad guy
/bb\.netvision\.net\.il/ REJECT Go away, bad guy
/bezeqint\.net/ REJECT Go away, bad guy
/broadband3\.iol\.cz/ REJECT Go away, bad guy
/cable\.net\.co/ REJECT Go away, bad guy
/catv\.broadband\.hu/ REJECT Go away, bad guy
/chello\.nl/ REJECT Go away, bad guy
/chello\.sk/ REJECT Go away, bad guy
/client\.mchsi\.com/ REJECT Go away, bad guy
/cncdnh\.east\.verizon\.net/ REJECT Go away, bad guy
/comunitel\.net/ REJECT Go away, bad guy
/coprosys\.cz/ REJECT Go away, bad guy
/dclient\.hispeed\.ch/ REJECT Go away, bad guy
/dfw\.dsl-w\.verizon\.net/ REJECT Go away, bad guy
/dip0\.t-ipconnect\.de/ REJECT Go away, bad guy
/domain\.invalid/ REJECT Go away, bad guy
/dyn\.centurytel\.net/ REJECT Go away, bad guy
/embarqhsd\.net/ REJECT Go away, bad guy
/emcali\.net\.co/ REJECT Go away, bad guy
/epm\.net\.co/ REJECT Go away, bad guy
/eutelia\.it/ REJECT Go away, bad guy
/fastwebnet\.it/ REJECT Go away, bad guy
/fibertel\.com\.ar/ REJECT Go away, bad guy
/freedom2surf\.net$/ REJECT Go away, bad guy
/hgcbroadband\.com$/ REJECT Go away, bad guy
/HINET-IP\.hinet\.net$/ REJECT Go away, bad guy
/infonet\.by$/ REJECT Go away, bad guy
/is74\.ru$/ REJECT Go away, bad guy
/kievnet\.com\.ua$/ REJECT Go away, bad guy
/metrotel\.net\.co$/ REJECT Go away, bad guy
/nw\.nuvox\.net$/ REJECT Go away, bad guy
/pitbpa\.fios\.verizon\.net$/ REJECT Go away, bad guy
/pldt\.net$/ REJECT Go away, bad guy
/pool\.invitel\.hu$/ REJECT Go away, bad guy
/pool\.ukrtel\.net$/ REJECT Go away, bad guy
/pools\.arcor-ip\.net$/ REJECT Go away, bad guy
/pppoe\.avangarddsl\.ru$/ REJECT Go away, bad guy
/retail\.telecomitalia\.it$/ REJECT Go away, bad guy
/revip2\.asianet\.co\.th$/ REJECT Go away, bad guy
/tim\.ro$/ REJECT Go away, bad guy
/tsi\.tychy\.pl/ REJECT Go away, bad guy
/ttnet\.net\.tr/ REJECT Go away, bad guy
/tttmaxnet\.com/ REJECT Go away, bad guy
/user\.veloxzone\.com\.br/ REJECT Go away, bad guy
/utk\.ru$/ REJECT Go away, bad guy
/veloxzone\.com\.br$/ REJECT Go away, bad guy
/verizon\.net$/ REJECT Go away, bad guy
/virtua\.com\.br$/ REJECT Go away, bad guy
/wanamaroc\.com$/ REJECT Go away, bad guy
/wbt\.ru$/ REJECT Go away, bad guy
/wireless\.iaw\.on\.ca$/ REJECT Go away, bad guy
/zj\.cn$/ REJECT Go away, bad guy
/business\.telecomitalia\.it$/ REJECT Go away, bad guy
/cotas\.com\.bo$/ REJECT Go away, bad guy
/marunouchi\.tokyo\.ocn\.ne\.jp$/ REJECT Go away, bad guy
/amedex\.com$/ REJECT Go away, bad guy.
/aageneva\.com$/ REJECT Go away, bad guy.