* * * * *

                       A most persistent spam, part VI

It seems that “Aleksandr [1]” may have changed his name to “Mayboroda,” but
it looks like it's the same type of weird spam I've since blocked
successfully. Only here, reader Roberto found a way to block the spam for
users of Postfix [2] (and I did get Roberto's permission to post this email):

> From: Robysampler <XXXXXXXXXXXXXXXXXXXXX>
> To: [email protected]
> Subject: About "Mayboroda_aleks" on your personal blog
> Date: Sun, 16 Jan 2022 23:04:07 +0100
>
> Dear Mr. Sean
>
> My name is Roberto from Italy.
>
> i've read your personal blog about the mayboroda aleks spammer, who's
> bothering me, filling my own company email since one and half years, at
> least.
>
> as you figured out "Mayboroda", keeps changing IPs and domain/subdomains to
> evade every try to block him.
>
> luckly, my company mail is served by a linux machine i own, so i have
> direct access to it, and as final solution i've choose to do some fine
> tuning in postfix config.
>
> i've add inside postfix "main.cf" file:
>
> -----[ data ]-----
> smtpd_recipient_restrictions = check_sender_access regexp:/etc/postfix/rejected.senders
> -----[ END OF LINE ]-----
>
> then i've add in "rejected.senders":
>
> -----[ data ]-----
> /s[0-9]{1,2}.[a-z]*.ru/ REJECT
> /info@.[a-z]*.ru/ REJECT
> -----[ END OF LINE ]-----
>
> in this case you'll provide to your postfix daemon, some rejecting rules
> based on regular expressions.
>
> based on hundreds of mails "Mayboroda" has sent me, i figured out the main
> pattern for his emails usually are
>
> [email protected]
>
> or
>
> something@s(1 or 2 numbers).randomdomain.ru
>
> after setting up your postfix you can check out the result using the
> command
>
> -----[ shell ]-----
> postmap -q "your test email here" regexp:/etc/postfix/rejected.senders
> -----[ END OF LINE ]-----
>
> for example
>
> -----[ shell ]-----
> postmap -q "[email protected]" regexp:/etc/postfix/rejected.senders
> -----[ END OF LINE ]-----
>
> the shell returns REJECT
>
> this will works until "Mayboroda" will continue to use the same pattern in
> the mail sender
>
> I hope you'll appreciate my advices.
>
> have a nice day and happy new year
>
> Roberto
>
> Best Regards
>

I do appreciate your advice, Roberto. Thank you. I'm sure other people will
find this useful as well.

[1] gopher://gopher.conman.org/0Phlog:2021/07/20.2
[2] http://www.postfix.org/

Email author at [email protected]

You are viewing proxied material from gopher.conman.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.