1

Topic: Spam

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: Debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Mysql
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====


Hello iRedMail Team,

I have received a lot of spam over the last few days. Most of the time, I can see this connection in the log file:
from mail.longtermchallenge.com (vpsnode32.webstudio50.com [2.58.126.8])  or
from mail.mediameaning.com (vpsnode30.webstudio48.com [213.142.151.66])

First I blocked the IP addresses, but the spammers change them every time.
I added a lot of RBL lists, but nothing changed.
DKIM and SPF from the spammer are also OK.


Is there a solution to block vpsnodeXX.webstudioXX.com?

thx

zicke007


2 (edited by Neutro 2020-02-06 19:17:08)

Re: Spam

Hello,

As explained here:

https://forum.iredmail.org/topic13847-b … mains.html

cd /opt/iredapd/tools/
python wblist_admin.py --add --blacklist '@.webstudio@'

Also you can try enabling greylisting if you disabled it.

3

Re: Spam

It is not working for me. I received another spam mail.
See the log file:

Received: from mail.healthierchallenge.com (vpsnode32.webstudio50.com [2.58.126.6])


In the amavisd database, table mailaddr, I can see this new record:
ID  priority   email
1       2        @.webstudio@

4

Re: Spam

/etc/postfix/sender_access.pcre:

/webstudio\d{1,2}\.com$/ REJECT

root@mail:~# postmap -q 'ykcuwdj@webstudio12.com' pcre:/etc/postfix/sender_access.pcre
REJECT

5

Re: Spam

It is not working for me. Have a look at the mail.log:
mail.bestmediamarket.com (vpsnode32.webstudio50.com [2.58.126.14])


My config:
/etc/postfix/main.cf:
check_sender_access pcre:/etc/postfix/sender_access.pcre

/etc/postfix/sender_access.pcre:
/webstudio\d{1,2}\.com$/ REJECT


Test:
postmap -q 'ykcuwdj@webstudio12.com' pcre:/etc/postfix/sender_access.pcre
REJECT

6

Re: Spam

The hostname "vpsnodeXX.webstudioYY.com" is the reverse DNS name; you cannot block it in /etc/postfix/sender_access.pcre.
Please try this:

*) Add an smtpd_client_restrictions rule in /etc/postfix/main.cf like this:

smtpd_client_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_client_access pcre:/etc/postfix/rdns.pcre

*) Add the file /etc/postfix/rdns.pcre with the content below:

/webstudio\d+\.com$/ REJECT

*) Restart or reload Postfix service.
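
Why the sender_access.pcre rule in this thread never fired while the rdns.pcre rule does, as an added example (not code from the thread or from iRedMail): each Postfix restriction hands a different string to the pcre table, and only check_client_access sees the reverse DNS name. The envelope sender addresses, the `unknown` header and the function names are constructed for illustration; the other two Received lines are the ones quoted above.

```python
import re

# Pattern from the thread. Postfix pcre tables match case-insensitively by default.
RULE = re.compile(r"webstudio\d+\.com$", re.IGNORECASE)

# Postfix-style Received header: from <HELO name> (<client rDNS name> [<client IP>])
RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
)

def lookup_keys(received, mail_from):
    """Strings each restriction would look up in a pcre table for this message."""
    m = RECEIVED.search(received)
    if m is None:
        raise ValueError("not a Postfix-style Received header")
    return {
        "check_sender_access": [mail_from],          # envelope MAIL FROM address
        "check_helo_access": [m["helo"]],            # name given in HELO/EHLO
        "check_client_access": [m["rdns"], m["ip"]], # client hostname and IP
    }

def verdicts(received, mail_from):
    """True where the thread's pattern would match, per restriction."""
    keys = lookup_keys(received, mail_from)
    return {name: any(RULE.search(k) for k in ks) for name, ks in keys.items()}

# Received lines quoted in the thread; envelope senders are constructed samples.
SAMPLES = [
    ("Received: from mail.healthierchallenge.com (vpsnode32.webstudio50.com [2.58.126.6])",
     "news@mail.healthierchallenge.com"),
    ("from mail.mediameaning.com (vpsnode30.webstudio48.com [213.142.151.66])",
     "offer@mail.mediameaning.com"),
    # Constructed: Postfix records the client name as "unknown" when the
    # reverse lookup fails or does not resolve back to the client IP.
    ("from mail.example.test (unknown [192.0.2.10])", "promo@mail.example.test"),
]

if __name__ == "__main__":
    for header, sender in SAMPLES:
        hits = [name for name, hit in verdicts(header, sender).items() if hit]
        print(f"{header}\n  matched by: {', '.join(hits) or 'nothing'}")
```

The third sample shows the limit of this approach: a client whose name Postfix records as `unknown` is not matched by the rdns.pcre rule.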