All of a sudden, I and all the friends I host on my private mail server are receiving huge amounts of identically structured spam. There is no end in sight.
There is a solution, though. It is described here using Boundary Line 24 as the example, but other spammer networks probably behave similarly.
Create a (new) blacklist in main.cf:
[...]
smtpd_sender_restrictions =
    check_sender_access hash:/usr/local/etc/postfix/blacklist,
[...]
Enter all currently known Boundary Line spammer domains into this blacklist, as follows:
[...]
# boundary line domains 07.01.2020
wereviewthings.com REDIRECT spam@x-tra-designs.org
yobaat.com REDIRECT spam@x-tra-designs.org
onvacationnow.com REDIRECT spam@x-tra-designs.org
tamnhapho.com REDIRECT spam@x-tra-designs.org
mehrbilit.com REDIRECT spam@x-tra-designs.org
superacrepair.com REDIRECT spam@x-tra-designs.org
oliviertylczak.com REDIRECT spam@x-tra-designs.org
jovenesarrechas.com REDIRECT spam@x-tra-designs.org
juntosms.com REDIRECT spam@x-tra-designs.org
yxbown.com REDIRECT spam@x-tra-designs.org
woobra.com REDIRECT spam@x-tra-designs.org
qdzpjgc.com REDIRECT spam@x-tra-designs.org
harihariguru.com REDIRECT spam@x-tra-designs.org
kaanahr.com REDIRECT spam@x-tra-designs.org
impitsol.com REDIRECT spam@x-tra-designs.org
beautisleeprh.com REDIRECT spam@x-tra-designs.org
wokoro.com REDIRECT spam@x-tra-designs.org
[...]
Afterwards, run postmap blacklist and service postfix restart, as any seasoned Unix user knows anyway.
All Boundary Line 24 spam now arrives in this dedicated account. Next, examine the headers of these mails, and you can quickly determine the networks the spam comes from. For me it then looks like this:
Create a file /usr/local/etc/postfix/client_checks with, among other things, this or similar content. These IP ranges are the result of my analyses.
5.133.66.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
217.112.142.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
208.187.167.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
212.162.150.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
63.81.87.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
209.210.24.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
204.10.160.0/22 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
134.73.51.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
45.95.32.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
63.83.78.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
208.186.113.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
45.146.200.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
45.146.203.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
63.80.185.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
45.146.201.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
217.112.128.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
45.82.32.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
45.146.202.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
45.82.34.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
69.94.151.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
208.187.166.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
208.186.112.0/24 REJECT BLOCK Your IP is blocked on this mailserver. Contact for questions.
Don't forget postmap client_checks!
[...]
smtpd_recipient_restrictions =
[...]
    check_client_access cidr:/usr/local/etc/postfix/client_checks,
[...]
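The header analysis described above (examine the redirected mail and determine the source networks) can be scripted; this is an added example, not the author's own tooling. It assumes your server writes mail.example.org into its Received headers, aggregates to /24 networks, and runs on constructed sample mail with documentation IP ranges.

```python
import email
import ipaddress
import re
from collections import Counter

# Assumption: the hostname your own Postfix writes into the "by" part.
MY_MX = "mail.example.org"
# Postfix writes: from HELO (rdns [ip]) <newline> by MY_MX (Postfix) ...
RECEIVED_RE = re.compile(r"\(\S+\s+\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def client_ip(raw_message):
    """Return the connecting client's IP as recorded by our own MX, else None."""
    msg = email.message_from_string(raw_message)
    # Headers come back top-down, newest first. The first one written by our
    # own server is genuine; everything below it was supplied by the sender
    # and can be forged, including a fake "by mail.example.org".
    for header in msg.get_all("Received", []):
        m = RECEIVED_RE.search(header)
        if m and m.group(2).lower() == MY_MX:
            return ipaddress.ip_address(m.group(1))
    return None

def suggest_blocks(messages, min_hits=2):
    """Count client IPs per /24 and return client_checks lines for busy networks."""
    nets = Counter()
    for raw in messages:
        ip = client_ip(raw)
        if ip is not None and ip.version == 4:
            nets[ipaddress.ip_network(f"{ip}/24", strict=False)] += 1
    return [f"{net} REJECT BLOCK Your IP is blocked on this mailserver."
            for net, hits in sorted(nets.items()) if hits >= min_hits]

def sample(ip, forged_ip="203.0.113.5"):
    """Constructed spam mail: genuine top header plus a forged one below it."""
    return (f"Received: from mx.sender.example (unknown [{ip}])\n"
            f"\tby {MY_MX} (Postfix) with ESMTP id 4F00D\n"
            f"Received: from bank.example (bank.example [{forged_ip}])\n"
            f"\tby {MY_MX} (Postfix) with ESMTP id FAKE0\n"
            "From: a@sender.example\nSubject: constructed sample\n\nbody\n")

# Constructed sample input, not real spam sources.
SAMPLES = [sample("192.0.2.10"), sample("192.0.2.77"), sample("198.51.100.3")]

if __name__ == "__main__":
    print("\n".join(suggest_blocks(SAMPLES)))
```

The min_hits threshold keeps a single stray message from putting a whole /24 into client_checks; review the suggested lines before adding them.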