I use my Postfix Access file to block certain hosts from accessing my mail server. Typically spam comes from semi-random IPs but sometimes, particularly in Russia, a spammer will flood me using random IPs from all the ranges the data center owns. Way too many to block individually.
So the Access file uses a format I've never seen used before. If you wanted to block 10.11.12.1 through 10.11.12.255, you'd just do:
10.11.12 REJECT Spamming host blocked
That works fine enough. But some of these data centers have huge ranges, and multiple different independent ranges. My access file was getting very long, and would have doubled in size adding the latest Russian data center.
So I went through and added the new data center using CIDR formatting. And I converted all my old rules to that formatting too. Now instead of having 200 lines of rules, I have 13 lines. Which probably makes no difference for the software itself but it makes a big difference for the human eyes trying to read the file.
10.11.12.0/24 REJECT Spamming host blocked
But here's the problem. It's not working. I'm still getting messages coming from IPs in the blocked ranges. So I had two thoughts:
Do you have to do something specific to enable CIDR syntax in Postfix files? The docs are kind of unclear but it looked like it was supported?
Or is there a bug in the way CIDR syntax is read? This came to mind because I do seem to be getting LESS spam from these hosts, and the IPs that I'm still getting spam through are similar, as if the rules are not being interpreted right? (or maybe my formatting is wrong?)
Here is an actual rule:
94.139.240.0/22 REJECT IT-GRAD Network is a SPAM source
Which from my understanding is supposed to block 94.139.240.1 through 94.139.243.255. Yet I still get spams from the 94.139.242.x range.
Weird, right?
Also, I am not married to CIDR at all. Is there some other way to notate ranges of IPs of varying sizes in single lines?
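An added example, not part of the original post: a Python check of what the /22 rule above covers, plus an expansion of a CIDR block into the octet-prefix pattern style shown in the post's first rule. The function names and the sample address 94.139.242.17 are constructed for illustration.

```python
import ipaddress

def cidr_range(cidr):
    """Return (first, last) address covered by a CIDR block, as strings."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address), str(net.broadcast_address)

def covers(cidr, addr):
    """True if addr falls inside the CIDR block."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=True)

def octet_prefix_rules(cidr, action):
    """Expand an IPv4 CIDR block into octet-boundary rules ("10.11.12 ACTION")."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("only IPv4 blocks are handled here")
    # Round the prefix length up to the next octet boundary: /22 -> /24, /13 -> /16.
    boundary = max(8, -(-net.prefixlen // 8) * 8)
    rules = []
    for sub in net.subnets(new_prefix=boundary):
        # Keep only the octets fixed by the boundary, e.g. 94.139.242.0/24 -> 94.139.242
        octets = str(sub.network_address).split(".")[: boundary // 8]
        rules.append(".".join(octets) + " " + action)
    return rules

if __name__ == "__main__":
    block = "94.139.240.0/22"
    action = "REJECT IT-GRAD Network is a SPAM source"
    print(block, "covers", " - ".join(cidr_range(block)))
    # Constructed sample client address from the range still getting through.
    print("94.139.242.17 inside block:", covers(block, "94.139.242.17"))
    for line in octet_prefix_rules(block, action):
        print(line)
```

Postfix's access(5) manual lists octet-boundary patterns for indexed tables and directs network/netmask patterns to the cidr: lookup table type described in cidr_table(5).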