Fighting Spam: Block an entire TLD with Postfix

A Top-Level Domain (TLD) is at the highest level of the Domain Name System (DNS) structure. The domain .com is a TLD. So is .org, .net, and .biz.

I’ve presented on DNS (and BIND) – you can click the link to view my PDF slides (and you can view a listing of all of my posted workshops at https://developcents.com/knowledge-base/#workshops). You can also read an old blog post I wrote on an introduction to DNS & IPv6 at https://developcents.com/2013/10/28/introduction-dns-ipv6/.

But back to this topic… There are a lot of new TLDs, such as .bid and .science. At Develop CENTS, we’ve noticed that spammers are the only ones sending email from domain names inside many of these TLDs.

In an effort to curb this spam, we block email coming from many of these TLDs completely. Here’s how you can too (these instructions are for CentOS servers, but can of course be adapted to your particular Linux distribution and wherever your Postfix configuration files are located).

1. Create a file in /etc/postfix, and name it “reject_domains”
(vim /etc/postfix/reject_domains)

2. Here are the current contents of our reject_domains file – it’s growing, but we currently are blocking email from 15 different TLDs:

/\.pro$/ REJECT We reject all .pro domains
/\.date$/ REJECT We reject all .date domains
/\.science$/ REJECT We reject all .science domains
/\.top$/ REJECT We reject all .top domains
/\.download$/ REJECT We reject all .download domains
/\.work$/ REJECT We reject all .work domains
/\.click$/ REJECT We reject all .click domains
/\.link$/ REJECT We reject all .link domains
/\.diet$/ REJECT We reject all .diet domains
/\.review$/ REJECT We reject all .review domains
/\.party$/ REJECT We reject all .party domains
/\.zip$/ REJECT We reject all .zip domains
/\.xyz$/ REJECT We reject all .xyz domains
/\.stream$/ REJECT We reject all .stream domains
/\.bid$/ REJECT We reject all .bid domains

3. Edit /etc/postfix/main.cf and add the following (the second line must begin with whitespace so Postfix reads it as a continuation of the first):
smtpd_sender_restrictions =
    check_sender_access pcre:/etc/postfix/reject_domains

4. Reload Postfix:
postfix reload
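Before putting a table like this in front of real mail it helps to see exactly what it matches. The following Python simulation is an added example (not code from this post or from Postfix): it parses a constructed excerpt of the reject_domains table and applies it the way Postfix applies pcre access tables, to the whole envelope sender address. The names load_table and check_sender are chosen here.

```python
import re

# Constructed excerpt of the page's /etc/postfix/reject_domains table, in the
# same "/pattern/ ACTION text" syntax that Postfix pcre tables use.
REJECT_DOMAINS = """\
# comment and blank lines are ignored, as in Postfix
/\\.science$/ REJECT We reject all .science domains
/\\.zip$/ REJECT We reject all .zip domains
/\\.bid$/ REJECT We reject all .bid domains
"""

# "/pattern/", then the action word, then optional free text for the SMTP reply
LINE_RE = re.compile(r"^/(?P<pat>(?:\\.|[^/\\])+)/\s+(?P<action>\S+)\s*(?P<text>.*)$")

def load_table(text):
    """Parse the table into (compiled_regex, action, text) tuples, in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unparseable table line: " + line)
        # Postfix pcre patterns are case-insensitive unless the /i flag is
        # turned off, so IGNORECASE mirrors the default behaviour.
        rules.append((re.compile(m.group("pat"), re.IGNORECASE),
                      m.group("action"), m.group("text")))
    return rules

def check_sender(rules, sender):
    """Return (action, text) from the first matching rule, else ("DUNNO", "").

    With regexp/pcre access tables Postfix applies each pattern to the entire
    envelope sender address; it does not separately look up the domain or its
    parent domains as it does for hash: tables, which is why the page anchors
    on "\\.tld$". An unmatched sender falls through to the next restriction.
    """
    for regex, action, text in rules:
        if regex.search(sender):
            return action, text
    return "DUNNO", ""

if __name__ == "__main__":
    rules = load_table(REJECT_DOMAINS)
    # The empty string is the null sender (<>) used by bounces: left untouched.
    for addr in ["spammer@example.zip", "Alice@EXAMPLE.ZIP",
                 "bob@zip.example.com", "carol@example.zip.com", ""]:
        print(repr(addr), "->", check_sender(rules, addr))
```

On a host where Postfix is installed, `postmap -q "user@example.zip" pcre:/etc/postfix/reject_domains` performs the same lookup against the real table.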

You’re done. Hopefully this will help you combat spam too.

Need help with your Linux web or email server? Contact me at https://developcents.com/contact/ to start a conversation.

Monitoring Linux Systems with Nagios

17 February 2016

I don’t blog over here very much, partly because I try to keep the blog at Develop CENTS updated on a regular basis (although admittedly, I still don’t even blog over there nearly as often as I should). My topics on this website are more personal in nature, including my feelings on public policy (NSA Surveillance, anyone?), requests for public help (I’m looking for some missing family wedding photos taken in Germany in 1946), and posts on computer security that wouldn’t be a great fit for the Develop CENTS blog.

Nagios is extremely versatile, and can monitor just about anything. I first tasted Nagios when I worked as an Operations Intern for Acquia, a Drupal services company in Boston. This was after I spent a year in AmeriCorps working with a Boston nonprofit as a web developer and one of their server administrators.

In today’s post, I’m going to share some of my accumulated knowledge in using Nagios to monitor the infrastructure we manage through Develop CENTS. I recently (in December 2015) gave a presentation to the ChaDevOps Meetup Group on a Basic Introduction to Nagios. You can view all of my workshops & presentations at https://developcents.com/knowledge-base/#past-workshops.

Up until recently, I only used Nagios to monitor public services (namely, does a URL properly load, and is the server responsive to ICMP pings). Within the last 2 months, I’ve expanded my basic Nagios implementation to using NRPE for monitoring server load, memory usage, and postfix mail queues on various servers.

The Setup

I run all of my infrastructure on CentOS. Most of the servers I manage are running either CentOS 6 or 7, although I still have a couple legacy CentOS 5 machines under my control. Instead of compiling Nagios from source (who wants to maintain that?), I’ve opted to use the EPEL repository.

Here’s my setup:

  • EPEL Repo (For CentOS 7, you can install it with `rpm -iUvh http://ftp.linux.ncsu.edu/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm`)
  • After you do a `yum install nagios nagios-plugins-all nagios-nrpe`, you can find the relevant Nagios files as follows:
    • Main config and conf.d directory is in /etc/nagios/
    • Plugins are located in /usr/lib64/nagios/plugins
    • NRPE config is at /etc/nagios/nrpe.conf

The Monitoring

Here’s some of the things that I’m monitoring:

  • Checking for correct DNS values on various hosts
    • check_dns -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit] — http://nagios-plugins.org/doc/man/check_dns.html
    • This doesn’t require NRPE, and is a simple check from the monitoring server. Here’s my service definition:

      define service{
          host_name             ns1.developcents.com
          service_description   DNS Check
          check_command         check_dns!ns1.developcents.com
          contact_groups        admins
          max_check_attempts    3
          check_interval        10
          retry_interval        5
          check_period          24x7
          notification_interval 30
          notification_period   24x7
      }

  • Checking to see if server load is reasonable
    • check_load [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15 — http://nagios-plugins.org/doc/man/check_load.html
    • This does require NRPE. Here’s my service definition on the monitoring server:

      define service{
          host_name             mail.developcents.com
          service_description   Server Load
          contact_groups        admins
          check_command         check_nrpe!check_load
          check_interval        4
          retry_interval        1
          max_check_attempts    3
          check_period          24x7
          notification_period   24x7
      }

    • And here’s my NRPE command (found in nrpe.conf) on the server that is being monitored:

      command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20

  • Checking the Mail Queue to make sure it’s not clogged
    • This is a 3rd party plugin not included in the default nagios-plugins-all package provided by EPEL. The plugin information is at https://exchange.nagios.org/directory/Plugins/Email-and-Groupware/Postfix/check_postfix_queue/details.
    • Here’s my service definition on the monitoring server:

      define service{
          host_name             mail.developcents.com
          service_description   Mail Queue
          contact_groups        admins
          check_command         check_nrpe!check_queue
          check_interval        4
          retry_interval        1
          max_check_attempts    3
          check_period          24x7
          notification_period   24x7
      }

    • And here’s my NRPE command (again, note that this goes into nrpe.conf on the server that is actually being monitored):

      command[check_queue]=/usr/lib64/nagios/plugins/check_postfix_queue -w 15 -c 30
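Everything NRPE relays back to the monitoring server is a plugin's exit code and its output line, so it is worth seeing that contract in working form. The following is an added Python plugin written for this post (not the page's code and not nagios-plugins' check_load): it applies check_load's threshold rule with the same -w 15,10,5 / -c 30,25,20 values used in the NRPE command above and emits Nagios-style output with performance data. The function names parse_thresholds, evaluate_load and read_loadavg are chosen here.

```python
import sys

# Nagios plugin exit codes; NRPE relays the code and the first output line
# unchanged to the monitoring server, which is all check_nrpe sees.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATE_NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}

def parse_thresholds(arg):
    """Turn '15,10,5' into (15.0, 10.0, 5.0): one value per 1/5/15-minute average."""
    parts = tuple(float(p) for p in arg.split(","))
    if len(parts) != 3:
        raise ValueError("expected three comma-separated thresholds: " + arg)
    return parts

def evaluate_load(loads, warn, crit, per_cpu=False, ncpu=1):
    """Return (state, output line) using check_load's rule: CRITICAL if any of
    the three averages exceeds its critical threshold, otherwise WARNING if any
    exceeds its warning threshold, otherwise OK. per_cpu mirrors check_load -r
    by dividing each average by the CPU count before comparing."""
    loads = tuple(l / ncpu for l in loads) if per_cpu else tuple(loads)
    state = OK
    if any(l > c for l, c in zip(loads, crit)):
        state = CRITICAL
    elif any(l > w for l, w in zip(loads, warn)):
        state = WARNING
    text = "LOAD %s - load average: %.2f, %.2f, %.2f" % ((STATE_NAMES[state],) + loads)
    # Performance data after "|" in the plugin format label=value;warn;crit;min;
    # so Nagios (or a grapher reading its perfdata) can trend the values.
    perf = " ".join("load%d=%.3f;%g;%g;0;" % (n, l, w, c)
                    for n, l, w, c in zip((1, 5, 15), loads, warn, crit))
    return state, text + "|" + perf

def read_loadavg(path="/proc/loadavg"):
    """Current 1/5/15-minute averages from the Linux kernel."""
    with open(path) as f:
        return tuple(float(x) for x in f.read().split()[:3])

if __name__ == "__main__":
    # Same thresholds as the page's NRPE command: -w 15,10,5 -c 30,25,20
    warn, crit = parse_thresholds("15,10,5"), parse_thresholds("30,25,20")
    try:
        state, line = evaluate_load(read_loadavg(), warn, crit)
    except OSError as e:
        state, line = UNKNOWN, "LOAD UNKNOWN - cannot read load average: %s" % e
    print(line)
    sys.exit(state)
```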

I hope that this information is useful to someone! You can also find some of my Nagios-related questions & answers on ServerFault and StackOverflow:

  • My Question and answer on how to monitor URLs: http://stackoverflow.com/questions/9246557/monitoring-urls-with-nagios/
  • My Question and answer on how to monitor hosts with check_ping: http://stackoverflow.com/questions/26746404/nagios-monitoring-hosts-with-check-ping
  • My Answer to How to run a check from the CLI: http://serverfault.com/questions/339968/how-can-i-manually-run-a-nagios-check-from-the-command-line/339969#339969 (See my answer)

Want to share some of your Nagios knowledge? Leave me a comment.

Want me to help you with your Nagios – or other sysadmin – needs? Get a hold of me through Develop CENTS.