You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Andreas Schulze <sc...@andreasschulze.de> on 2014/06/05 20:54:42 UTC

Re: SPAM from a registrar

Tom Hendrikx:
> but postfix has a feature that can check the MX and NS
> records of the envelope sender or hostname of the connecting ip.
I know and use that.


> If these are all the same, you could block connections based on those.
               ============
that's intersting, no idea how to compare something in postfix.
Could you post an example?

Andreas

Re: SPAM from a registrar

Posted by Tom Hendrikx <to...@whyscream.net>.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 05-06-14 20:54, Andreas Schulze wrote:
> Tom Hendrikx:
>> but postfix has a feature that can check the MX and NS records of
>> the envelope sender or hostname of the connecting ip.
> I know and use that.
> 
> 
>> If these are all the same, you could block connections based on
>> those.
> ============ that's intersting, no idea how to compare something in
> postfix. Could you post an example?
> 

It's a manual process: you'll need to check the whois data of the
domains that pass your spam controls, and block the NS hosts if you
find consistency, and the OP saw with Enom.

Checking whois data could be automated, but is discouraged by whois
services (and applying a blanket block based on NS records should not
be done without operator review, imho, since the possible huge impact).

Postfix cannot compare since it has no concept of multiple messages
arriving at the same time: it happens, but the smtpd processes
handling them have no knowledge of each other (or their data strcutures).

Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTkwvPAAoJEJPfMZ19VO/13W0QAJni1zj4W2C6F6Til1os/AJh
7uzHlfr0ucb0wxt5oLZSJXWHvV2okX9lrsJSHLK/ajzLDXfYtgoejBuGwX3/g7tG
Ppl460NyL0ok7r0E73VspeGcpRRQNlB8+l3q31eHSuScawhLEaZQczF0W6AFlF7X
+cP8YJWYGyaXxPB8MHHuELT+/ak2AIa9OueEwTTmRhiVhFtpWotBPtWDP5LJrfbB
pu0JF9jqglqyw1qeRQl6ppkNDuLpG7CqiIBzse7maFHTUweiabEd55rS5K0TpruK
TWTc1KnKtNHRJ5ykPp+2MPM6bKAAxykGWfkSxZ7o6rctNMO4Xb1gtDCkCVPfTUAr
ATwIKaDLLV6/FeNAjEIqN/z2/HBZxPF6XGWYqEl20CeFUoc4pMZ8FVFpYa3QFGAc
hjZpLXc9UJeOUTU/uqhOxBKeOIRmVBTF13cYy9G3l4vLYclv1JhoGsMVl/E7i4eF
Ub5g7ZLSp3nLJGg5YGcvolQ4VT0T9tttx8Xr88oPJ8bi2Z93wOUjyLIGunC1cbJ5
BRN8q4YvhVh+mxSZVOy9yra3JOS5yf2l29xTKgObBVQYa+6wvBEa5YNEBge6ZNaD
KgbgyhpQpv7iBp+YKaop62lljo2KuCTyaQQAhyv3ih+uEwRaFLmGapIR1qN2mnTa
6VAghLYDO3HyxGeVtJpH
=dUJ1
-----END PGP SIGNATURE-----