On Tue, August 25, 2020 23:07, Rob McEwen wrote:
> Thanks, John Capo, for the suggestions! Honestly, I'm at the end of my rope - completely burned
> out from creating this - desperately needing to catch up in other areas of my business so that I
> can pay my bills. And I have other ideas for how to make this data even better that I'm trying to
> get to asap. So help like this is very appreciated!
>
> BTW - does Postfix "know" to refresh the data when the files are updated? Or is there some kind
> of command that needs to run to tell Postfix to reload the files? How does that work?
Postfix loads regex files when a new smtpd instance is started. Running postfix reload or running postmap on a hashed file forces a restart.
Ideally the ids would be in an RBL so changes are seen in a minute or so. I pan on adding that capability to my policy server.
> ALSO - would it help if I created a separate set of files for Postfix that are pre-formatted this
> way already?
Dominic Raferd posted a script that does that. Your time is probably better spent elsewhere.
And Paul Stead posted a nice plugin for Spamassassin.
John Capo
Tuffmail.com
>
> Thanks!
>
>
> Rob McEwen, invaluement.com
>
>
>
> On 8/25/2020 2:26 PM, John Capo wrote:
>
>> On 2020-08-25 11:42, Matus UHLAR - fantomas wrote:
>>
>>>
>>> well, do we have anything available now to block at SMTP level? - postfix policy server? -
>>> milter?
>>>
>>>
>>> so far I have noticed only SA plugins. Which is not bad, but that HUGE advantage is not
>>> usable now.
>>
>> Nothing elegant about this but it was easy to implement. You need to create the software
>> specific to your MX servers to update the files below from Rob's web site.
>>
>> Adjust the paths below to your Postfix install
>>
>>
>> Add these entries to your main.cf:
>>
>>
>> smtpd_restriction_classes = sendgrid
>>
>>
>> # Limit senders that are matched with the regexes in sendgrid-ids # sendgrid =
>> check_sender_access pcre:/usr/local/etc/postfix/maps/sendgrid-ids
>>
>>
>> smtpd_recipient_restrictions = check_sender_access
>> hash:/usr/local/etc/postfix/maps/from-sendgrid
>>
>>
>> Create a file like this from the senders in
>> https://www.invaluement.com/spdata/sendgrid-envelopefromdomain-dnsbl.txt
>>
>>
>> sendgrid.net sendgrid appliedaicourse.com sendgrid bithumbcorp.email sendgrid
>> bitline.life sendgrid bureausveritas.com sendgrid caractere.ro sendgrid
>> craftsgenerals.com sendgrid dalvry.com sendgrid ...
>>
>>
>> Name it from-sendgrid and place it in your Postfix directory postmap from-sendgrid
>>
>> Create a file like this from the ids in
>> https://www.invaluement.com/spdata/sendgrid-id-dnsbl.txt
>>
>>
>> /^bounces\+2191708-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account
>> /^bounces\+4227563-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account
>> /^bounces\+13780591-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account
>> /^bounces\+10163588-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account
>> /^bounces\+10180020-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account ...
>>
>>
>> Name it sendgrid-ids and place it in your Postfix directory
>>
>>
>> postfix reload
>>
>> John Capo Tuffmail.com
>>
>>
>
> -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032
>
>
>
>
> Thanks, John Capo, for the suggestions! Honestly, I'm at the end of my rope - completely burned
> out from creating this - desperately needing to catch up in other areas of my business so that I
> can pay my bills. And I have other ideas for how to make this data even better that I'm trying to
> get to asap. So help like this is very appreciated!
>
> BTW - does Postfix "know" to refresh the data when the files are updated? Or is there some kind
> of command that needs to run to tell Postfix to reload the files? How does that work?
Postfix loads regex files when a new smtpd instance is started. Running postfix reload or running postmap on a hashed file forces a restart.
Ideally the ids would be in an RBL so changes are seen in a minute or so. I pan on adding that capability to my policy server.
> ALSO - would it help if I created a separate set of files for Postfix that are pre-formatted this
> way already?
Dominic Raferd posted a script that does that. Your time is probably better spent elsewhere.
And Paul Stead posted a nice plugin for Spamassassin.
John Capo
Tuffmail.com
>
> Thanks!
>
>
> Rob McEwen, invaluement.com
>
>
>
> On 8/25/2020 2:26 PM, John Capo wrote:
>
>> On 2020-08-25 11:42, Matus UHLAR - fantomas wrote:
>>
>>>
>>> well, do we have anything available now to block at SMTP level? - postfix policy server? -
>>> milter?
>>>
>>>
>>> so far I have noticed only SA plugins. Which is not bad, but that HUGE advantage is not
>>> usable now.
>>
>> Nothing elegant about this but it was easy to implement. You need to create the software
>> specific to your MX servers to update the files below from Rob's web site.
>>
>> Adjust the paths below to your Postfix install
>>
>>
>> Add these entries to your main.cf:
>>
>>
>> smtpd_restriction_classes = sendgrid
>>
>>
>> # Limit senders that are matched with the regexes in sendgrid-ids # sendgrid =
>> check_sender_access pcre:/usr/local/etc/postfix/maps/sendgrid-ids
>>
>>
>> smtpd_recipient_restrictions = check_sender_access
>> hash:/usr/local/etc/postfix/maps/from-sendgrid
>>
>>
>> Create a file like this from the senders in
>> https://www.invaluement.com/spdata/sendgrid-envelopefromdomain-dnsbl.txt
>>
>>
>> sendgrid.net sendgrid appliedaicourse.com sendgrid bithumbcorp.email sendgrid
>> bitline.life sendgrid bureausveritas.com sendgrid caractere.ro sendgrid
>> craftsgenerals.com sendgrid dalvry.com sendgrid ...
>>
>>
>> Name it from-sendgrid and place it in your Postfix directory postmap from-sendgrid
>>
>> Create a file like this from the ids in
>> https://www.invaluement.com/spdata/sendgrid-id-dnsbl.txt
>>
>>
>> /^bounces\+2191708-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account
>> /^bounces\+4227563-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account
>> /^bounces\+13780591-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account
>> /^bounces\+10163588-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account
>> /^bounces\+10180020-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account ...
>>
>>
>> Name it sendgrid-ids and place it in your Postfix directory
>>
>>
>> postfix reload
>>
>> John Capo Tuffmail.com
>>
>>
>
> -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032
>
>
>
>