A most persistent spam, part VI

It seems that “Aleksandr [1]” may have changed his name to “Mayboroda,” but it looks like it's the same type of weird spam I've since blocked successfully. Only here, reader Roberto found a way to block the spam for users of Postfix [2] (and I did get Roberto's permission to post this email):

From: Robysampler <XXXXX­XXXXX­XXXXX­XXXXX­X>
To: sean@conman.org
Subject: About "Mayboroda_aleks" on your personal blog
Date: Sun, 16 Jan 2022 23:04:07 +0100
Dear Mr. Sean
My name is Roberto from Italy.
I've read your personal blog about the mayboroda aleks spammer, who's been bothering me, filling my own company email for one and a half years, at least.
As you figured out, "Mayboroda" keeps changing IPs and domains/subdomains to evade every attempt to block him.
Luckily, my company mail is served by a Linux machine I own, so I have direct access to it, and as a final solution I've chosen to do some fine tuning in the Postfix config.
I've added inside the Postfix "main.cf" file:
```
smtpd_recipient_restrictions = check_sender_access regexp:/etc/postfix/rejected.senders
```
Then I've added in "rejected.senders":
```
/s[0-9]{1,2}.[a-z]*.ru/ REJECT
/info@.[a-z]*.ru/ REJECT
```
In this case you'll provide your Postfix daemon with some rejection rules based on regular expressions.
Based on hundreds of mails "Mayboroda" has sent me, I figured out the main patterns for his emails usually are
info@randomdomain.ru
or
something@s(1 or 2 numbers).randomdomain.ru
After setting up your Postfix you can check the result using the command
```
postmap -q "your test email here" regexp:/etc/postfix/rejected.senders
```
For example
```
postmap -q "info@s4.mayboroda.ru" regexp:/etc/postfix/rejected.senders
```
The shell returns REJECT
This will work as long as "Mayboroda" continues to use the same pattern in the mail sender.
I hope you'll appreciate my advice.
Have a nice day and happy new year
Roberto
Best Regards

I do appreciate your advice, Roberto. Thank you. I'm sure other people will find this useful as well.
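
Because the rules in the email use bare dots and no anchors, they also match sender addresses outside the pattern Roberto describes. The following added example (not from Roberto's email or from this blog) uses `grep -Ei` as a stand-in for the Postfix `regexp:` lookup to compare them with a tightened variant; the tightened rules and the `.example` test addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: grep -Ei stands in for Postfix's regexp: lookup, which is
# case-insensitive and applies each pattern to the whole sender address.

# Rules as written in the email: bare dots, no anchors.
LOOSE_RULES='s[0-9]{1,2}.[a-z]*.ru
info@.[a-z]*.ru'

# Tightened variant (an assumption, not from the email): dots escaped,
# each rule anchored to the end of the address or to the whole address.
TIGHT_RULES='@s[0-9]{1,2}\.[a-z]+\.ru$
^info@[a-z]+\.ru$'

# verdict RULES ADDRESS: print REJECT if any rule matches, else "no match".
verdict() {
    # grep treats a newline-separated pattern list as alternatives.
    if printf '%s\n' "$2" | grep -Eiq -e "$1"; then
        echo REJECT
    else
        echo "no match"
    fi
}

# Constructed sender addresses: two that follow the spammer's pattern as
# described in the email, two unrelated ones under the reserved .example TLD.
for addr in \
    info@s4.mayboroda.ru \
    info@randomdomain.ru \
    sales12@forum.example \
    info@construction.example
do
    printf '%-28s loose: %-9s tight: %s\n' "$addr" \
        "$(verdict "$LOOSE_RULES" "$addr")" \
        "$(verdict "$TIGHT_RULES" "$addr")"
done
```

On a real server, the same comparison can be made against the actual table with `postmap -q`, as shown in the email.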

[1] /boston/2021/07/20.2

[2] http://www.postfix.org/
