A most persistent spam, part VI
It seems that “Aleksandr [1]” may have changed his name to “Mayboroda,” but it looks like it's the same type of weird spam I've since blocked successfully. Only here, reader Roberto found a way to block the spam for users of Postfix [2] (and I did get Roberto's permission to post this email):
From: Robysampler <XXXXXXXXXXXXXXXXXXXXX>
To: sean@conman.org
Subject: About "Mayboroda_aleks" on your personal blog
Date: Sun, 16 Jan 2022 23:04:07 +0100
>
> Dear Mr. Sean
>
My name is Roberto from Italy.
>
I've read your personal blog about the Mayboroda Aleks spammer, who's been bothering me, filling my own company email for one and a half years, at least.
>
As you figured out, "Mayboroda" keeps changing IPs and domains/subdomains to evade every attempt to block him.
>
Luckily, my company mail is served by a Linux machine I own, so I have direct access to it, and as a final solution I've chosen to do some fine-tuning in the Postfix config.
>
I've added inside the Postfix "main.cf" file:
>
>
``` data
smtpd_recipient_restrictions = check_sender_access regexp:/etc/postfix/rejected.senders
```
>
Then I've added in "rejected.senders":
>
>
``` data
/s[0-9]{1,2}.[a-z]*.ru/ REJECT
/info@.[a-z]*.ru/ REJECT
```
>
In this case you'll provide your Postfix daemon with some rejection rules based on regular expressions.
>
Based on hundreds of mails "Mayboroda" has sent me, I figured out the main patterns for his emails usually are
>
info@randomdomain.ru
>
or
>
something@s(1 or 2 numbers).randomdomain.ru
>
After setting up your Postfix you can check the result using the command
>
>
``` shell
postmap -q "your test email here" regexp:/etc/postfix/rejected.senders
```
>
For example
>
>
``` shell
postmap -q "info@s4.mayboroda.ru" regexp:/etc/postfix/rejected.senders
```
>
The shell returns REJECT
>
This will work as long as "Mayboroda" continues to use the same pattern in the mail sender
>
I hope you'll appreciate my advice.
>
Have a nice day and happy new year
>
Roberto
>
Best Regards
>
I do appreciate your advice, Roberto. Thank you. I'm sure other people will find this useful as well.
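
The two patterns in the email are unanchored and their dots match any character, so they can also reject senders that have nothing to do with this spammer. The script below is an added example, not part of the original post or of Roberto's email: it approximates a Postfix `regexp:` lookup with `grep -Ei` (case-insensitive, first match wins) and compares the posted patterns with a tightened variant. The tightened patterns, the `lookup` helper and the `.example` sender addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Tables are "pattern action" per line, written without the /.../ delimiters.

# The patterns exactly as posted in the email.
ORIGINAL='s[0-9]{1,2}.[a-z]*.ru REJECT
info@.[a-z]*.ru REJECT'

# Assumed tightening (not from the email): literal dots, anchored at "@" or
# at the start of the address on the left and at the end on the right.
TIGHT='@s[0-9]{1,2}\.[a-z]+\.ru$ REJECT
^info@[a-z]+\.ru$ REJECT'

# lookup TABLE ADDRESS: print the action of the first matching rule, or
# nothing when no rule matches. grep -Ei stands in for Postfix's matcher
# (POSIX extended syntax, case-insensitive by default).
lookup() {
    printf '%s\n' "$1" | while read -r pattern action; do
        if printf '%s\n' "$2" | grep -Eiq -- "$pattern"; then
            printf '%s\n' "$action"
            break
        fi
    done
}

# Constructed envelope senders: three that follow the spammer's pattern as
# described in the email, then two unrelated addresses that the loose
# patterns catch by accident ("s2@bru" and "info@bankru").
for sender in info@s4.mayboroda.ru info@randomdomain.ru \
              news@s12.randomdomain.ru \
              sales2@brunch.example info@bankruptcy.example; do
    o=$(lookup "$ORIGINAL" "$sender")
    t=$(lookup "$TIGHT" "$sender")
    printf '%-26s original=%-7s tight=%s\n' "$sender" "${o:--}" "${t:--}"
done
```

A `-` in the output means no rule matched, which is the case where `postmap -q` prints nothing.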