We are getting attacked by a Chinese domain called qq.com. The addresses are random on each connection, for example 324125@qq.com, 351341@qq.com.
I tried editing
/opt/zimbra/conf/postfix_blacklist
then
postmap /opt/zimbra/conf/postfix_blacklist
to block the addresses, but I think that only works for hosts, not senders.
I tried using qq.com, @qq.com, *@qq.com, but the messages still keep coming through.
I tried blocking the IP addresses of the servers that are connecting, but those are randomized also. Every 2 or 3 connections, the IP addresses are totally random, so blocking the IP address is pointless.
I found this https://wiki.zimbra.com/wiki/Domain_lev ... _and_later
The instructions are wrong because there is no /opt/zimbra/postfix/conf folder. It is /opt/zimbra/conf
I created and edited
/opt/zimbra/conf/postfix_reject_sender
added the following lines
qq.com REJECT
@qq.com REJECT
*@qq.com REJECT
then
postmap /opt/zimbra/conf/postfix_reject_sender
/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
%%exact VAR:zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch%%
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender%%
%%contains VAR:zimbraServiceEnabled cbpolicyd^ check_policy_service inet:localhost:%%zimbraCBPolicydBindPort%%%%
%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zimbra/common/conf/tag_as_originating.re%%
permit_mynetworks
permit_sasl_authenticated
permit_tls_clientcerts
%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zimbra/common/conf/tag_as_foreign.re%%
I then did
postconf | grep smtpd_sender_restrictions
smtpd_sender_restrictions = check_sender_access regexp:/opt/zimbra/common/conf/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zimbra/common/conf/tag_as_foreign.re
check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender
/opt/zimbra/common/conf/main.cf
/opt/zimbra/postfix-2.11.1.2z/conf/main.cf
After I edited it, I tried both postfix reload and restarting Zimbra, but neither worked because then the settings go back to this:
smtpd_sender_restrictions = check_sender_access regexp:/opt/zimbra/common/conf/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zimbra/common/conf/tag_as_foreign.re
What am I doing wrong here?
1) Please somebody fix the Wiki so that it is correct.
2) How can I get the following line to stay in my postfix configuration?
check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender
4) If this is not the correct method to block an entire domain, what is?
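
Added example, not part of the original post and not Postfix or Zimbra code: a simplified Python model of the key lookup order that Postfix access(5) documents for check_sender_access on an indexed table, run against the three entries from the post. It shows which keys such a table is ever queried with. Address-extension handling is left out, and the function and variable names are made up for this illustration.

```python
# Simplified model of the access(5) lookup order for check_sender_access
# on an indexed (hash/lmdb) table. Illustration only.

# Constructed in-memory copy of the three entries from the post.
REJECT_SENDER = {
    "qq.com": "REJECT",
    "@qq.com": "REJECT",
    "*@qq.com": "REJECT",
}

def candidate_keys(sender, parent_matches_subdomains=True):
    """Yield the keys tried for one envelope sender, in lookup order.

    parent_matches_subdomains models whether smtpd_access_maps is listed
    in parent_domain_matches_subdomains (it is in the Postfix default).
    """
    sender = sender.lower()
    local, _, domain = sender.rpartition("@")
    yield sender                      # user@domain
    yield domain                      # domain.tld
    labels = domain.split(".")
    for i in range(1, len(labels)):   # parent domains, or .parent forms
        parent = ".".join(labels[i:])
        yield parent if parent_matches_subdomains else "." + parent
    yield local + "@"                 # user@

def lookup_sender(table, sender, parent_matches_subdomains=True):
    """Return (matching_key, action) for the first hit, else None."""
    for key in candidate_keys(sender, parent_matches_subdomains):
        if key in table:
            return key, table[key]
    return None

def unused_keys(table, senders):
    """Table keys that no lookup for the given senders ever queries."""
    tried = {k for s in senders for k in candidate_keys(s)}
    return [k for k in table if k not in tried]

if __name__ == "__main__":
    samples = ["324125@qq.com", "351341@qq.com"]  # addresses from the post
    for s in samples:
        print(s, "->", lookup_sender(REJECT_SENDER, s))
    print("never queried:", unused_keys(REJECT_SENDER, samples))
```

In this model only the plain `qq.com` key is ever queried; `@qq.com` and `*@qq.com` are not lookup forms that access(5) lists, and indexed tables do no wildcard matching.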