I am trying to stop spam from one sender. They each time uses another mail server. here is headers from original email (i replaced my email and host with: my-email@my-domain.com, sender email and host i replaced with: sender-email@sender-website.com, all other is unchanged):
From - Mon Jan 27 14:17:08 2014
X-Account-Key: account7
X-UIDL: 1201266183.11294
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <4a590193769-1-589@delivery-gate.com>
Received: from my-domain.com ([unix socket])
by localhost (Cyrus v2.2.13-Debian-2.2.13-10) with LMTPA;
Mon, 27 Jan 2014 14:15:18 +0200
X-Sieve: CMU Sieve 2.2
X-Greylist: delayed 460 seconds by postgrey-1.27 at mnl-bck; Mon, 27 Jan 2014 14:15:05 EET
Received: from gw13.delivery-gate.com (gw13.delivery-gate.com [72.29.83.9])
by my-domain.com (ESMTP daemon) with ESMTP id 999EA15F505
for <my-email@my-domain.com>; Mon, 27 Jan 2014 14:15:05 +0200 (EET)
MIME-Version: 1.0
From: Blah blah blah <sender-email@sender-website.com>
To: my-email@my-domain.com
X-Original-To: my-email@my-domain.com
Reply-To: Blah blah blah <sender-email@sender-website.com>
Subject: {(***Disarmed***)} =?UTF-8?B?VmFsZW50xKtuYSBkaWVuYSBuxIFrIQ==?=
Date: Mon, 27 Jan 2014 12:07:07 +0000
DKIM-Signature: v=1; a=rsa-sha1; q=dns/txt; l=6092; s=default;
t=1390824427; c=relaxed/simple;
h=From:To:Subject;
d=delivery-gate.com;
z=From:=20Blah blah blah=20<sender-email@sender-website.com>
|To:=20my-email@my-domain.com
|Subject:=20=3D?UTF-8?B?VmFsZW50xKtuYSBkaWVuYSBuxIFrIQ=3D=3D?=3D;
bh=fOfN6GO2cjh0ZljdK73x8C71zUg=;
b=BGlxwArEBjFsawRUIO7e9DyOBaUvFs0xgUCPKVkOXVoF0ND5BKxQzCuDqpV3ek1kOGo/gn0UaCH0j405y/XXEfhTE83NN6C/V7zY2pcxf6iBeMAxxqy93CNL1UsAjRLhZOBhg2m1c47WPpHzZdn9dOxXM190YD6x+xqHo8Ydu+c=
Content-Type: multipart/alternative;
boundary="=_6ec15ca19a7f51e90ef52ebaa3d3dfc1"
Message-Id: <20140127120707.1874C2C0E5614@gw13.delivery-gate.com>
X-my-domain.com-MailScanner: Found to be clean
X-my-domain.com-MailScanner-SpamScore: 2.77
X-my-domain.com-MailScanner-From: 4a590193769-1-589@delivery-gate.com
X-MailScanner-Envelope-To: my-email@my-domain.com
--=_6ec15ca19a7f51e90ef52ebaa3d3dfc1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
I edited /etc/postfix/sender_access
to reject email from sender-website.com
. But that does not work, because postfix is seeing that email comes from different sender/server. From postfix log file:
Jan 27 14:15:05 myMailServer postfix/smtpd[12822]: connect from gw13.delivery-gate.com[72.29.83.9]
Jan 27 14:15:05 myMailServer postgrey[4304]: delayed 460 seconds: client=gw13.delivery-gate.com, from=4a590193769-#-#@delivery-gate.com, to=my-email@my-domain.com
Jan 27 14:15:05 myMailServer postfix/policy-spf[12827]: : testing: stripped sender=4a590193769@delivery-gate.com, stripped rcpt=my-email@my-domain.com
Jan 27 14:15:05 myMailServer postfix/policy-spf[12827]: : SPF pass: smtp_comment=Please see http://www.openspf.org/why.html?sender=4a590193769-1-589%40delivery-gate.com&ip=72.29.83.9&receiver=myMailServer: 72.29.83.0/24 contains 72.29.83.9, header_comment=myMailServer: domain of 4a590193769-1-589@delivery-gate.comdesignates 72.29.83.9 as permitted sender
Jan 27 14:15:05 myMailServer postfix/policy-spf[12827]: decided action=DUNNO
Jan 27 14:15:05 myMailServer postfix/smtpd[12822]: 999EA15F505: client=gw13.delivery-gate.com[72.29.83.9]
Jan 27 14:15:05 myMailServer postfix/cleanup[12829]: 999EA15F505: hold: header Received: from gw13.delivery-gate.com (gw13.delivery-gate.com [72.29.83.9])??by my-domain.com (ESMTP daemon) with ESMTP id 999EA15F505??for <my-email@my-domain.com>; Mon, 27 Jan 2014 14:15:05 +0200 (EET) from gw13.delivery-gate.com[72.29.83.9]; from=<4a590193769-1-589@delivery-gate.com> to=<my-email@my-domain.com> proto=ESMTP helo=<gw13.delivery-gate.com>
Jan 27 14:15:05 myMailServer postfix/cleanup[12829]: 999EA15F505: message-id=<20140127120707.1874C2C0E5614@gw13.delivery-gate.com>
Jan 27 14:15:05 myMailServer postfix/smtpd[12822]: disconnect from gw13.delivery-gate.com[72.29.83.9]
So, when i am looking message source in thunderbird, i see header: From: Blah blah blah <sender-email@sender-website.com>
. How i can block email from that sender (sender-website.com)? There is no point to block IP, because next time it will different. I have also set up MailScanner, but that too does not see proper from
header. I already blacklisted that domain in MailScanner too.