How to stop spam email sent from Gmail in Postfix

Discussion in 'Server Operation' started by MaxT, Aug 21, 2018.

  1. MaxT

    MaxT Member HowtoForge Supporter

    My Postfix config works quite well to stop spam. However, I cannot find a way to stop this type of spam coming from third-party domains using the Gmail servers. RBL lists are useless because most of the time the IPs are not listed (checked with MultiRbl.valli.org). I wonder if there is some Postfix parameter to avoid this type of spam.
    Take this common case:

    spammer: [email protected]
    spammer IP: 2.2.2.2

    my address: [email protected]
    my server: my.server.com
    my server ip: 1.1.1.1

    Code:
    Return-Path: <[email protected]>
    Delivered-To: [email protected]
    
    Received: from localhost (localhost [127.0.0.1])
            by my.server.com (Postfix) with ESMTP id BD4D051EFA
            for <[email protected]>; Tue, 18 Aug 2018 18:09:35 +0200 (CEST)
    
    Received: from my.server.com ([127.0.0.1])
            by localhost (my.server.com [127.0.0.1]) (amavisd-new, port 10024)
            with ESMTP id mbNiDJKUbP_D for <[email protected]>;
            Tue, 18 Aug 2018 18:09:34 +0200 (CEST)
    
    Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.216.180; helo=mail-qt0-f180.google.com; [email protected]; [email protected]
    
    Received: from my.server.com (1.1.1.1) by my.server.com (Postfix) with ESMTPS id 05BHA70B28
            for <[email protected]>; Tue, 18 Aug 2018 18:09:32 +0200 (CEST)
    
    Received: by mail-qt0-f180.google.com with SMTP id r12-u7ao2533318qtr.12
            for <[email protected]>; Tue, 18 Aug 2018 16:09:32 -0700 (PDT)
    
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=spam-com.20150618.gappssmtp.com; s=20150618;
            h=message-id:from:subject:to:mime-version:reply-to:date;
            bh=/3KZ...hCXQ==
    
    X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=1e100.net; ..3A10w==
    X-Gm-Message-State: BCy...zb2a=
    X-Google-Smtp-Source: ANB...r3V=
    X-Received: by 2001:b5d:abd1:: with SMTP id m58-v...711;
            Tue, 18 Aug 2018 14:59:09 -0700 (PDT)
    
    Received: from ip2.ip-2-2-2.net (ip2.ip-2.2.2.net. [2.2.2.2])
            by smtp.gmail.com with ESMTPSA id s2-a8fa34902117kb.26.2018.18.20.04.49.08
            for <[email protected]>
            (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
            Tue, 18 Aug 2018 04:59:09 -0700 (PDT)
    Message-ID: <[email protected]>
    
    From: "Markus Jones" <[email protected]>
    Subject: Looking business?
    To: "Me" <[email protected]>
    Content-Type: multipart/alternative; boundary="aO4q88...jLmQh"
    MIME-Version: 1.0
    Reply-To: "Jane" <[email protected]>
    Date: Tue, 18 Aug 2018 14:49:11 -0700

    The spammer IP (2.2.2.2) doesn't belong to the sender domain "spam.com". However, I suppose this is not a valid criterion to reject all e-mails without some impact on legitimate e-mails.

    I have these related restrictions in Postfix:

    Code:
    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_pipelining,
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unknown_reverse_client_hostname,
        reject_unauth_destination,
        reject_unknown_recipient_domain,
        reject_non_fqdn_recipient,
        check_policy_service unix:private/policy-spf,       
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client rbl.realtimeblacklist.com,         
        reject_rbl_client bl.spamcop.net,
        check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
      
    
    smtpd_helo_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        check_helo_access regexp:/etc/postfix/helo_access,
        reject_invalid_hostname,
        reject_invalid_helo_hostname,
        reject_non_fqdn_hostname,
        #reject_unknown_helo_hostname,
        check_helo_access regexp:/etc/postfix/blacklist_helo
    
      
      
    strict_rfc821_envelopes = yes
    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_delay_reject = yes
    policy-spf_time_limit = 3600s
    smtpd_helo_required = yes
    smtpd_sasl_authenticated_header = yes
        
    Any ideas or experience on how to stop it?
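
The header analysis described in the post, as an added example that is not part of the original post: it extracts the IP that Postfix's SPF and RBL checks see (the Google relay) and the IP that authenticated to smtp.gmail.com, which is why `reject_rbl_client` never evaluates 2.2.2.2. The sample message is constructed from the post's headers with placeholder addresses, and the function and field names are hypothetical.

```python
import email
import ipaddress
import re

# Constructed sample modelled on the post's headers; addresses are placeholders.
SAMPLE = """\
Return-Path: <sender@spam.example>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.216.180; helo=mail-qt0-f180.google.com
Received: by mail-qt0-f180.google.com with SMTP id r12-example
        for <me@my.server.example>; Tue, 18 Aug 2018 16:09:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=spam-com.20150618.gappssmtp.com; s=20150618; bh=placeholder
Received: from ip2.ip-2-2-2.net (ip2.ip-2.2.2.net. [2.2.2.2])
        by smtp.gmail.com with ESMTPSA id s2-example
        for <me@my.server.example>; Tue, 18 Aug 2018 04:59:09 -0700 (PDT)
From: "Markus Jones" <sender@spam.example>
Subject: Looking business?

body
"""

# Hop where a client authenticated to Gmail's submission service.
SUBMIT_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]\)\s+by smtp\.gmail\.com with ESMTPS?A\b")

def _unfold(value):
    """Collapse folded header continuation lines into one line."""
    return " ".join((value or "").split())

def analyse(raw):
    msg = email.message_from_string(raw)
    m = re.search(r"client-ip=([0-9A-Fa-f:.]+)", _unfold(msg.get("Received-SPF")))
    client_ip = m.group(1) if m else None
    submitter = None
    # Received lines below the relay that handed the mail to us are only as
    # trustworthy as that relay; use this value for scoring, not as proof.
    for hop in msg.get_all("Received", []):
        m = SUBMIT_RE.search(_unfold(hop))
        if m:
            try:
                submitter = str(ipaddress.ip_address(m.group(1)))
            except ValueError:
                continue  # bracketed text was not a valid IP
            break
    m = re.search(r"\bd=([^;\s]+)", _unfold(msg.get("DKIM-Signature")))
    return {
        "spf_client_ip": client_ip,        # what SPF/RBL checks evaluated
        "submitter_ip": submitter,         # who logged in to smtp.gmail.com
        "dkim_domain": m.group(1) if m else None,
        "rbl_checks_see_submitter": submitter is not None and client_ip == submitter,
    }
```
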
     
