DISCARD spam with postfix


I have a persistent spammer getting through after making all the changes below.
In sender_access I have tried all off the following but am still getting spam.

Am I missing something or have I made a mistake somewhere?.
I would like to just nuke anything from that domain (and this works fine for my other entries)

/^hergivenhair\.com$/   DISCARD
.hergivenhair.com       DISCARD
hergivenhair.com        DISCARD
spammer1@hergivenhair.com        DISCARD
spammer3@hergivenhair.com        DISCARD
spammer2@hergivenhair.com        DISCARD

I am running MIAB v57 (I am holding off upgrading for now) but its otherwise fully patched.

We have some persistent spammers and while I am getting users to move to SPAM and I checked thats is learning, some are still getting through.
To date I have solved this by following the excellent guides here and adding persistent offenders to my sender_access file then processing.

This works 99.9% of the time but I have one getting through (however any others listed are all DISCARDed as expected) - initially it was due to them changing the user@ they were sending from so I changed my method and I think I am blocking both the domain and the email address by using the following

To layout the steps I have taken.

Edit main.cf:
$ sudo nano /etc/postfix/main.cf

Add the check_sender_access table to [smtpd_relay_restrictions]Postfix Configuration Parameters):
(Example of the updated line is below - see the ending)
smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_sender_access hash:/etc/postfix/sender_access

edit the rules list file and add offenders
sudo nano /etc/postfix/sender_access

Eg add to the file the desired action or actions:

username@example.com DISCARD
example.net DISCARD

Create/update the database hashed file
sudo postmap /etc/postfix/sender_access

Then restart postfix/server.
sudo service postfix restart

1 Like

I think I have the likely answer (after much caffeine).

Originally when I checked headers they were all matching to the email domain (as expected).

They now show:
Return-Path: <bounce-mc.us11_46077313.962960-0b650c5133@mail29.sea172.mcdlv.net>

I can chase it but its probably a case of whack-a-mole.

I guess all I can do for now is keep feeding the SPAM trainer.

You could always block the sending server’s IP address in UFW. But I’d imagine that since it is coming from MailChimp, that they’d be using various IP’s. Are you sure that the host name on all now is mail.29.sea172.mcdlv.net? The IP is

I suspect they moved to mail chimp recently as they may have had some “issues” delivering their email.

I have put in a complaint with mail chimp that they have responded to. I will post in a week or so as to whether that worked. Not sure of the story but will be glad to put the 4-6 emails per day to bed.

Mailchimp has done something - no more Mail for now :grinning:

This topic was automatically closed 40 days after the last reply. New replies are no longer allowed.