June Spam wave
I've been observing a new email spam wave hitting my servers in the last couple of weeks...

[Figure: Munin graph for monthly rejected emails]

Way above the normal "background radiation levels" for my server... 99% of them are poorly configured, and usually fail during the "does the sender domain actually exist in DNS" stage... Not to mention DKIM/DMARC/SPF, etc... Some of these come in from a wide range of IP addresses, and so far mtpolicyd does not seem to have a way to ban an entire AS, so I wrote a small script to do just that.

as_ban_policy_service: Simple Postfix policy server banning clients by their Autonomous System number (Gitea, vasili)
I've added it as a policy server in smtpd_helo_restrictions, so if some especially spammy network materializes and manages to get through the trivial check, I just nuke the entire AS. It caches AS responses from the Team Cymru AS Lookup service and also does the IP-in-CIDR lookup right in sqlite, thanks to an extension (no IPv6 though).

Before, I would see the bunch of offending IPs, get the CIDRs from the AS and firewall them, which works well, but some ASes advertise dozens of blocks, and doing it manually is a pain. Also, after the latest distro upgrade, Ubuntu decided to nuke ufw and replace it with something else, so I've yet to figure out the migration path.

This is a very trivial piece of code that works well on my very low-load email server.
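As an added example (not the author's as_ban_policy_service), this is the shape such a Postfix policy server takes in Python: it speaks Postfix's attribute/value policy protocol, matches client_address against a prefix-to-ASN cache using the ipaddress module in place of the sqlite extension, and rejects clients whose origin AS is on a ban list. The prefix table, ASNs and port 10040 are constructed placeholders; a real deployment would fill the cache from the lookup service.

```python
import ipaddress
import socketserver

# Constructed cache of prefix -> origin ASN (documentation prefixes and ASNs only).
PREFIX_TO_ASN = {
    ipaddress.ip_network("192.0.2.0/24"): 64496,
    ipaddress.ip_network("198.51.100.0/24"): 64497,
    ipaddress.ip_network("198.51.100.128/25"): 64498,
}
BANNED_ASNS = {64497}  # the operator's list of networks to reject outright

def lookup_asn(ip_str):
    """Longest-prefix match of ip_str against the cache; None if unknown."""
    ip = ipaddress.ip_address(ip_str)
    best = None
    for net, asn in PREFIX_TO_ASN.items():
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn)
    return best[1] if best else None

def parse_policy_request(raw):
    """Parse Postfix's 'name=value' attribute lines into a dict."""
    attrs = {}
    for line in raw.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            attrs[key] = value
    return attrs

def decide(attrs):
    """Policy answer for one request; DUNNO defers to Postfix's other checks."""
    asn = lookup_asn(attrs.get("client_address", "0.0.0.0"))
    if asn in BANNED_ASNS:
        return f"action=REJECT client is in banned AS{asn}\n\n"
    return "action=DUNNO\n\n"

class PolicyHandler(socketserver.StreamRequestHandler):
    def handle(self):
        lines = []  # Postfix terminates each request with an empty line
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").rstrip("\r\n")
            if line:
                lines.append(line)
            elif lines:
                self.wfile.write(decide(parse_policy_request("\n".join(lines))).encode())
                lines = []

if __name__ == "__main__":
    # main.cf: smtpd_helo_restrictions = check_policy_service inet:127.0.0.1:10040
    socketserver.ThreadingTCPServer(("127.0.0.1", 10040), PolicyHandler).serve_forever()
```

The more specific /25 announcement wins over the /24 in the lookup, so a sub-block reassigned to a different AS is not swept up in the ban.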