Blocking Emails from Amazonses service in Postfix


(OP)
Hello,

I have an uncomfortable problem that I need solved as soon as possible. I have this:

CENTOS Linux Server
Apache
Postfix
Postgrey
Amavisd
Spamassassin
Fail2ban

On this server I have several mailboxes of my customers. It is the POP and SMTP server for all those mailboxes.

Many of my customers receive emails sent by enterprises and companies which use the Amazon Simple Email Service (www.amazonses.com), a very well-known email-marketing service from the Amazon corporation. That's OK, no problem with that.

But there are at least two or three specific senders who use this service (it looks like they are spammers) whose emails I want and need to reject / discard. I am trying to do this through my /etc/postfix/access file. The problem is:

1) If I try to reject / discard them by their From email address or domain name, their emails are not blocked; they arrive normally in our mailboxes:

spammerdomain.com.br REJECT (the domain name is masked)
spammerdomain.com.br DISCARD
badaddress@spammerdomain.com.br REJECT (the email address is masked)
badaddress@spammerdomain.com.br DISCARD

2) If I try to reject / discard them by the Amazonses domain, then they really are blocked:

amazonses.com REJECT
amazonses.com DISCARD

But I don't want to block all Amazonses users; it is a serious service. I want to reject / discard just these two or three spammers.

Questions:

Why does this happen?
How can I accomplish it?

See below the header records of one of these spammers' emails.

Thanks a lot in advance for any help.

Mario Lima./
_________________________________________________________


HEADERS RECORDS:

Return-Path: <0103545670712110-10f5g1b2-6a2c-4b73-9a44-14436946a66d-000000@us-west-2.amazonses.com>
X-Original-To: multisites@srv8.multisitesdominios.com.br
Delivered-To: multisites@srv8.multisitesdominios.com.br
Received: from localhost (localhost [127.0.0.1])
by srv8.multisitesdominios.com.br (Postfix) with ESMTP id E02AC2240989
for <multisites@srv8.multisitesdominios.com.br>; Thu, 6 Sep 2018 16:52:16 -0300 (-03)
X-Virus-Scanned: amavisd-new at multisitesdominios.com.br
Authentication-Results: srv8.multisitesdominios.com.br (amavisd-new);
dkim=fail (1024-bit key) reason="fail (message has been altered)"
header.d=spammerdomain.com.br header.b=KvN6YosZ;
dkim=fail (1024-bit key) reason="fail (message has been altered)"
header.d=amazonses.com header.b=hhjTuzKR
Received: from srv8.multisitesdominios.com.br ([127.0.0.1])
by localhost (srv8.multisitesdominios.com.br [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id ja0LXtz_VOn3
for <multisites@srv8.multisitesdominios.com.br>;
Thu, 6 Sep 2018 16:52:16 -0300 (-03)
Received: from srv4.multisitesdominios.com.br (srv4.multisitesdominios.com.br [66.226.76.119])
by srv8.multisitesdominios.com.br (Postfix) with ESMTP id 3476C2240982
for <info@multisites.com.br>; Thu, 6 Sep 2018 16:52:16 -0300 (-03)
Received: from localhost (66-226-76-119.phx.dedicated.codero.com [127.0.0.1])
by srv4.multisitesdominios.com.br (Postfix) with ESMTP id 2FD9F1E110E
for <info@multisites.com.br>; Thu, 6 Sep 2018 16:46:24 -0300 (BRT)
Received: from srv4.multisitesdominios.com.br ([127.0.0.1])
by localhost (srv4.multisitesdominios.com.br [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id VV3rcOrCRW0P for <info@multisites.com.br>;
Thu, 6 Sep 2018 16:46:23 -0300 (BRT)
Received: from a27-23.smtp-out.us-west-2.amazonses.com (a27-23.smtp-out.us-west-2.amazonses.com [54.240.27.23])
by srv4.multisitesdominios.com.br (Postfix) with ESMTP id B298E1E1133
for <info@multisites.com.br>; Thu, 6 Sep 2018 16:46:23 -0300 (BRT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=4ko4gdukdjrhwywj6hffktrinsdiwfzzo; d=spammerdomain.com.br;
t=1536263534;
h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type:List-Unsubscribe;
bh=YTyx7DGxlvMexh13PSD8UcbvIb16plbXPZTTeZ6974Y=;
b=KvN6YosZ9bfjcmfrjeruJDyiHSTGrfyZ6c2kedkmgfikrtiudfjeHETI8/PfOr1AQkubD/bF
nzNSNU8q5JaIWarO8SJFHFGBRQzAnqcGpBSXingwrlhITRQBSh2NJ5Mhz5qelTC7rK0
feuBJi1NGoUbhsqBQ6fc+N6iKXZ0O8GZMy45l3tw=
Message-ID: <0101016zxc345510-09e5e1a2-6a2c-4b73-9a44-14423456a66d-111111@us-west-2.amazonses.com>
Date: Thu, 6 Sep 2018 19:52:08 +0000
Subject: ABRACADABRAPEDECABRA
From: Domain to be Blocked <badaddress@spammerdomain.com.br>
Reply-To: badaddress@spammerdomain.com.br
To: Multisites Servicos Ltda <info@multisites.com.br>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_=_swift_v4_1536228239_9f03b8f739eae9baa81fae3377f6fe3d_=_"
List-Unsubscribe: <mailto:news+unsubscribe_5b234b90e3ddbg03468216@spammerdomain.com.br>,
<mailto:news+unsubscribe_5b90fb90e3dbb603334216@spammerdomain.com.br>,
X-SES-Outgoing: 2018.09.06-54.240.27.23
Feedback-ID: 1.us-west-2.isA0hk5qbAxETBLEMujslLN7TOYVRW5EtpUo56LcIds=:AmazonSES

RE: Blocking Emails from Amazonses service in Postfix

I've solved a similar problem using header_checks.

1. Edit your /etc/postfix/main.cf
Include something like
header_checks = pcre:/etc/postfix/header_checks.pcre

NB. Must reload postfix after editing /etc/postfix/main.cf

2. Edit your /etc/postfix/header_checks.pcre
The format can be as simple as :
<REGEX> <ACTION>

Include something like
/^From:.*badaddress@spammerdomain\.com\.br/ REJECT

3. Postfix usually comes with a header_checks file with lots of good instructions
Mine has been renamed /etc/postfix/header_checks.readme
See also man header_checks

4. You can keep the regexes simple, or make them more sophisticated, e.g.
/i ignore case
/s ignore case and line breaks
/.*@spammerdomain\.com\.br/s REJECT Domain has been blacklisted

5. You can change and edit your /etc/postfix/header_checks.pcre without any reloading of postfix.
With careful editing of regexes, you can reject/discard emails from individual senders, or entire domains, even LinkedIn and Mailchimp. ;)

HTH
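
Added example (not part of either post, and not Postfix code): a small Python simulation of why the access entries in the question miss while the header_checks rule from the reply hits. It assumes the access file is consulted by check_sender_access, which sees the envelope sender (recorded as Return-Path) rather than the From: header; the sample message, the shortened Return-Path and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, modelled on the headers quoted in the question.
RAW = (
    "Return-Path: <bounce-000000@us-west-2.amazonses.com>\n"
    "From: Domain to be Blocked\n"
    " <badaddress@spammerdomain.com.br>\n"
    "Subject: ABRACADABRAPEDECABRA\n"
    "\n"
    "body\n"
)

# The two kinds of rule tried in the thread.
ACCESS = {"spammerdomain.com.br": "REJECT",
          "badaddress@spammerdomain.com.br": "REJECT"}
HEADER_CHECKS = [(r"^From:.*badaddress@spammerdomain\.com\.br", "REJECT")]


def envelope_sender(raw):
    """Return-Path records the SMTP MAIL FROM address of a delivered message."""
    return parseaddr(message_from_string(raw)["Return-Path"])[1].lower()


def access_lookup(sender, table):
    """Simplified access(5) search: full address, then domain and parents."""
    labels = sender.rpartition("@")[2].split(".")
    keys = [sender] + [".".join(labels[i:]) for i in range(len(labels))]
    return next((table[k] for k in keys if k in table), None)


def header_checks(raw, rules):
    """Match each logical header (folded lines kept together) against rules."""
    # pcre_table(5) defaults: case-insensitive, and '.' also matches newline.
    for name, value in message_from_string(raw).items():
        for pattern, action in rules:
            if re.search(pattern, f"{name}: {value}", re.I | re.S):
                return action
    return None


if __name__ == "__main__":
    sender = envelope_sender(RAW)
    print("envelope sender:", sender)
    print("access, spammer entries:", access_lookup(sender, ACCESS))
    print("access, amazonses.com:", access_lookup(sender, {"amazonses.com": "REJECT"}))
    print("header_checks:", header_checks(RAW, HEADER_CHECKS))
```

On the server itself, postmap -q "From: x <badaddress@spammerdomain.com.br>" pcre:/etc/postfix/header_checks.pcre tests a header line against the real table before any mail is affected.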
