I received a follow-up message from Roberto [1] about the “Aleksandr” [2] Russian spam emails:
From: Robysampler <XXXXXXXXXXXXXXXXXXXXX>
To: Sean Conner <sean@conman.org>
Subject: Re: About "Mayboroda_aleks" on your personal blog
Date: Mon, 17 Jan 2022 17:33:35 +0100
Hi Sean.
Thanks very much for your fast reply.
I have some good news about "Mayboroda".
Here are some lines of my Postfix log showing that "Mayboroda" has tried again, sending me some spam today:
```
Jan 17 11:48:47 mydomain postfix/smtpd[23894]: warning: hostname tefalongo.ru does not resolve to address 185.186.3.10
Jan 17 11:48:47 mydomain postfix/smtpd[23894]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; from=<info@s7.kroshem.ru> to=<booking@mydomain.net> proto=ESMTP helo=<s7.kroshem.ru>
Jan 17 12:18:49 mydomain postfix/smtpd[24258]: warning: hostname tefalongo.ru does not resolve to address 185.186.3.10
Jan 17 12:18:49 mydomain postfix/smtpd[24258]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; from=<info@s7.kroshem.ru> to=<info@mydomain.net> proto=ESMTP helo=<s7.kroshem.ru>
Jan 17 12:18:49 mydomain postfix/smtpd[24258]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; from=<info@s7.kroshem.ru> to=<booking@mydomain.net> proto=ESMTP helo=<s7.kroshem.ru>
Jan 17 12:48:49 mydomain postfix/smtpd[24629]: connect from s7.kroshem.ru[185.186.3.10]
Jan 17 12:48:49 mydomain postfix/smtpd[24629]: NOQUEUE: reject: RCPT from s7.kroshem.ru[185.186.3.10]: 554 5.7.1 <info@s7.kroshem.ru>: Sender address rejected: Access denied; from=<info@s7.kroshem.ru> to=<info@mydomain.net> proto=ESMTP helo=<s7.kroshem.ru>
```
In particular, the last line shows that the regular expression found a match on "info@s7.kroshem.ru", replied "Sender address rejected: Access denied" and REJECTED the incoming email.
There are some other tweaks you can implement in your "main.cf" Postfix configuration file that will help you avoid junk emails.
The following is a partial extract from my Postfix "main.cf" configuration:
```
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    # match the envelope sender (MAIL FROM) against the regular expressions
    # in this table; a matching REJECT entry produces the 554 above
    check_sender_access regexp:/etc/postfix/rejected.senders,
    check_policy_service unix:private/policyd-spf,
    # reject if the HELO name, the client's reverse DNS name or the sender
    # domain is listed in the Spamhaus domain block list (DBL)
    reject_rhsbl_helo dbl.spamhaus.org,
    reject_rhsbl_reverse_client dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org,
    # reject if the client IP address is listed in Spamhaus ZEN
    reject_rbl_client zen.spamhaus.org

smtpd_sender_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    # reject the request when the client IP address has no address->name mapping
    reject_unknown_reverse_client_hostname,
    # reject the request when 1) the client IP address->name mapping fails, or
    # 2) the name->address mapping fails, or
    # 3) the name->address mapping does not match the client IP address
    # (this is the "450 4.7.25 cannot find your hostname" reply above)
    reject_unknown_client_hostname,
    # reject the request when Postfix is not the final destination for the
    # sender address and the MAIL FROM domain has no DNS MX and no DNS A record
    reject_unknown_sender_domain
```
Many of these tweaks I've implemented were taken from the document at the following webpage:
http://www.armellin.com/friends/postfix/postconf.5.html [3]
Feel free to publish our conversation in your blog as you wish.
It's nice to help other people to get rid of the plague of "Mayboroda" :D
Thanks Sean
Best Regards
Roberto
Thank you again, Roberto.
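As an added example (not part of Roberto's mail or of this post), the following Python script parses Postfix smtpd "NOQUEUE: reject" lines like the ones Roberto quoted, attributes each reject to the restriction that most plausibly produced it, and shows how a client progresses from temporary 450 deferrals to the permanent 554 from the sender access table. The sample log is constructed from the lines quoted above, and the mapping from reply text to restriction name is an assumption based on Postfix's default reply texts, not something Postfix itself records.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the reject lines quoted in Roberto's mail, not a live capture.
SAMPLE_LOG = """\
Jan 17 11:48:47 mydomain postfix/smtpd[23894]: warning: hostname tefalongo.ru does not resolve to address 185.186.3.10
Jan 17 11:48:47 mydomain postfix/smtpd[23894]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; from=<info@s7.kroshem.ru> to=<booking@mydomain.net> proto=ESMTP helo=<s7.kroshem.ru>
Jan 17 12:18:49 mydomain postfix/smtpd[24258]: NOQUEUE: reject: RCPT from unknown[185.186.3.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.186.3.10]; from=<info@s7.kroshem.ru> to=<info@mydomain.net> proto=ESMTP helo=<s7.kroshem.ru>
Jan 17 12:48:49 mydomain postfix/smtpd[24629]: connect from s7.kroshem.ru[185.186.3.10]
Jan 17 12:48:49 mydomain postfix/smtpd[24629]: NOQUEUE: reject: RCPT from s7.kroshem.ru[185.186.3.10]: 554 5.7.1 <info@s7.kroshem.ru>: Sender address rejected: Access denied; from=<info@s7.kroshem.ru> to=<info@mydomain.net> proto=ESMTP helo=<s7.kroshem.ru>
"""

# One Postfix smtpd reject line: syslog prefix, client name/IP, SMTP reply
# code, enhanced status code, free-text reason, then the envelope fields.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[(?P<pid>\d+)\]: "
    r"NOQUEUE: reject: (?P<stage>\w+) from (?P<client>[^\[]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) (?P<reason>.*?); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> proto=(?P<proto>\S+) helo=<(?P<helo>[^>]*)>$"
)

# Assumed mapping from Postfix's default reply text to the restriction that
# emits it; Postfix does not log the restriction name itself.
REASON_TO_RESTRICTION = (
    ("cannot find your reverse hostname", "reject_unknown_reverse_client_hostname"),
    ("cannot find your hostname", "reject_unknown_client_hostname"),
    ("Sender address rejected: Access denied", "check_sender_access"),
    ("Sender address rejected: Domain not found", "reject_unknown_sender_domain"),
    ("blocked using", "reject_rbl_client/reject_rhsbl_*"),
)


def parse_rejects(log_text):
    """Return one dict per NOQUEUE reject line; warnings and connects are skipped."""
    events = []
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue
        event = m.groupdict()
        # 4xx is a temporary failure (the client may retry), 5xx is permanent.
        event["permanent"] = event["code"].startswith("5")
        events.append(event)
    return events


def classify(reason):
    """Name the restriction that most plausibly produced this reject text."""
    for needle, restriction in REASON_TO_RESTRICTION:
        if needle in reason:
            return restriction
    return "other"


def summarize(events):
    """Count rejects per client IP, keyed by the restriction that fired."""
    per_ip = defaultdict(Counter)
    for e in events:
        per_ip[e["ip"]][classify(e["reason"])] += 1
    return {ip: dict(counts) for ip, counts in per_ip.items()}


def retry_sequence(events):
    """For each (client IP, sender) pair, the SMTP reply codes in log order.

    A run of 450s followed by a 554 means the client kept retrying through the
    temporary DNS-based rejects until the sender access table rejected it for good.
    """
    seq = defaultdict(list)
    for e in events:
        seq[(e["ip"], e["sender"])].append(e["code"])
    return dict(seq)


if __name__ == "__main__":
    rejects = parse_rejects(SAMPLE_LOG)
    for ip, counts in summarize(rejects).items():
        print(ip, counts)
    for (ip, sender), codes in retry_sequence(rejects).items():
        print(f"{sender} via {ip}: {' -> '.join(codes)}")
```

Run it against `/var/log/mail.log` by reading the file into `parse_rejects` instead of `SAMPLE_LOG`; a client that shows up under `reject_unknown_client_hostname` and later under `check_sender_access` is exactly the pattern in Roberto's log, where the sender fixed its reverse DNS between attempts and then hit the regexp table.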