From: "Steve" on

-------- Original Message --------
> Date: Sat, 27 Mar 2010 00:13:25 +0100
> From: Ansgar Wiechers <lists(a)planetcobalt.net>
> To: postfix-users(a)postfix.org
> Subject: Re: Spam from the same domain

> On 2010-03-26 Steve wrote:
> > From: listadecorreo <listadecorreo(a)sbd.cadinor.com>
> >> in the last month I received a lot of spam from
> >> user_non_exist(a)mydomain to user_exist(a)mydomain..... can I block all
> >> received externals mails from my domain to my domain...
> ^^^^^^^^^^^^^^^
> > Are your users sending mail over your infrastructure? Do you force
> > them to use SMTP AUTH/SASL? If so then you might have a look at
> > reject_sender_login_mismatch to stop forgeries from your own domain.
>
> The OP wants to block external, not internal senders.
>
I have perfectly understood what the OP wants. And my answer is still valid. I have reject_sender_login_mismatch active on my servers and trying from remote (or local) to send a mail with my email address or any email address under one of my domains as the sender without being authenticated against Postfix does not work (replaced sensitive information to protect the innocent):
-----------------------------
netbox ~ # telnet mail.mydomain.tld 25
Trying 12.23.34.56...
Connected to mail.mydomain.tld.
Escape character is '^]'.
220 cluster2.mydomain.tld ESMTP Postfix (2.7.0)
ehlo some.remote.name.tld
250-cluster2.mydomain.tld
250-PIPELINING
250-SIZE 52428800
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<me(a)mydomain.tld>
553 5.7.1 <me(a)mydomain.tld>: Sender address rejected: not logged in
rset
250 2.0.0 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.
netbox ~ #
-----------------------------

And the same goes if the sender does not exist:
-----------------------------
netbox ~ # telnet mail.mydomain.tld 25
Trying 12.23.34.57...
Connected to mail.mydomain.tld.
Escape character is '^]'.
220 cluster1.mydomain.tld ESMTP Postfix (2.7.0)
ehlo some.remote.name.tld
250-cluster1.mydomain.tld
250-PIPELINING
250-SIZE 52428800
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<non.existing(a)mydomain.tld>
553 5.7.1 <non.existing(a)mydomain.tld>: Sender address rejected: not logged in
rset
250 2.0.0 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.
netbox ~ #
-----------------------------

So if I am not totally wrong in understanding the OP, then the above would work for blocking external mails that claim to be from <user_non_exist(a)mydomain> and are sent to <user_exist(a)mydomain>. But only if he has a mechanism available in Postfix to identify logged-in users and if he forces any of his users to first be authenticated before being able to send mails.

Please feel free to correct me if my suggestion is not valid.


> Regards
> Ansgar Wiechers
> --
// Steve

From: Sahil Tandon on
On Fri, 26 Mar 2010, Mark Goodge wrote:

> On 26/03/2010 20:54, listadecorreo wrote:
> >
> >in the last month I received a lot of spam from user_non_exist(a)mydomain
> >to user_exist(a)mydomain..... can I block all received externals mails
> >from my domain to my domain...
>
> It's very easy to block mails from fake_user(a)domain to
> real_user(a)domain. Just turn on sender address verification for your
> own domains.

An easier way to block spam from fake(a)example.org is to use
reject_unlisted_sender. See postconf(5).

http://www.postfix.org/postconf.5.html#reject_unlisted_sender
http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_sender

--
Sahil Tandon <sahil(a)tandon.net>

From: mouss on
listadecorreo wrote:
>
> Hello
>
> in the last month I received a lot of spam from user_non_exist(a)mydomain
> to user_exist(a)mydomain..... can I block all received externals mails
> from my domain to my domain...
> I use postfix with amavis (spamassassin/clamav)
>


- to block mail from user_not_exist(a)yourdomain, simply use
    reject_unlisted_sender
  in your smtpd restrictions, or even more simply, set
    smtpd_reject_unlisted_sender = yes
  The latter applies to all mail.

- to block mail from user_exist(a)yourdomain if it comes from external
  clients and is not authenticated, then simply use

    smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        check_sender_access hash:/etc/postfix/access_sender
        ...

    == access_sender
    example.com     REJECT not allowed without authentication
    .example.com    REJECT not allowed without authentication
    ...

This will reject all mail from joe(a)example.com or joe(a)sub.example.com
unless it comes from mynetworks or the user was authenticated.

Note this applies to envelope addresses (MAIL FROM), not to headers
(From: or Reply-To:).

If you care about headers, first try zen as suggested before. For the
spam that slips, tune spamassassin.
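
Added example, not part of mouss's post: before turning on the check_sender_access REJECT above, you can audit the existing mail log for messages that rule set would have refused, i.e. own-domain envelope senders arriving from clients outside mynetworks without SASL authentication. The domain, the mynetworks ranges and the log lines below are constructed for illustration; the log layout assumed is the usual Postfix syslog format (smtpd "client=" line, qmgr "from=" line, joined on queue ID).

```python
import ipaddress
import re

# Assumptions for this example: your own domain and your mynetworks ranges.
OWN_DOMAIN = "example.com"
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = """\
Mar 26 20:54:01 mail postfix/smtpd[2101]: 3F2A11C0D2: client=unknown[203.0.113.5]
Mar 26 20:54:01 mail postfix/qmgr[900]: 3F2A11C0D2: from=<user_non_exist@example.com>, size=2310, nrcpt=1 (queue active)
Mar 26 20:55:10 mail postfix/smtpd[2102]: 4B7C22D1E3: client=dsl.isp.example[198.51.100.7], sasl_method=PLAIN, sasl_username=joe
Mar 26 20:55:10 mail postfix/qmgr[900]: 4B7C22D1E3: from=<joe@example.com>, size=1822, nrcpt=1 (queue active)
Mar 26 20:56:30 mail postfix/smtpd[2103]: 5C8D33E2F4: client=pc7.lan[192.0.2.17]
Mar 26 20:56:30 mail postfix/qmgr[900]: 5C8D33E2F4: from=<ann@sub.example.com>, size=990, nrcpt=1 (queue active)
Mar 26 20:57:45 mail postfix/smtpd[2104]: 6D9E44F305: client=mx.other.example[203.0.113.99]
Mar 26 20:57:45 mail postfix/qmgr[900]: 6D9E44F305: from=<bob@other.example>, size=4100, nrcpt=1 (queue active)
"""

CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S+?\[([0-9a-fA-F.:]+)\](.*)")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")


def is_own_domain(sender):
    """True for user@example.com and user@anything.example.com."""
    domain = sender.rpartition("@")[2].lower()
    return domain == OWN_DOMAIN or domain.endswith("." + OWN_DOMAIN)


def would_reject(log_text):
    """Return (queue_id, client_ip, sender) for mail the rule set would refuse."""
    clients, hits = {}, []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:  # remember client IP and whether SASL auth was logged
            qid, ip, rest = m.groups()
            clients[qid] = (ipaddress.ip_address(ip), "sasl_username=" in rest)
            continue
        m = FROM_RE.search(line)
        if m and m.group(1) in clients:
            ip, authenticated = clients[m.group(1)]
            trusted = any(ip in net for net in MYNETWORKS)
            if is_own_domain(m.group(2)) and not trusted and not authenticated:
                hits.append((m.group(1), str(ip), m.group(2)))
    return hits


if __name__ == "__main__":
    for hit in would_reject(SAMPLE_LOG):
        print(*hit)
```

Any hit that turns out to be legitimate, for example a user's own message forwarded back in by an outside address with the envelope sender unchanged, is mail the REJECT would start bouncing.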

From: listadecorreo on
mouss wrote:
> listadecorreo wrote:
>
>> Hello
>>
>> in the last month I received a lot of spam from user_non_exist(a)mydomain
>> to user_exist(a)mydomain..... can I block all received externals mails
>> from my domain to my domain...
>> I use postfix with amavis (spamassassin/clamav)
>>
>>
>
>
> - to block mail from user_not_exist(a)yourdomain, simply use
>     reject_unlisted_sender
>   in your smtpd restrictions, or even more simply, set
>     smtpd_reject_unlisted_sender = yes
>   The latter applies to all mail.
>
> - to block mail from user_exist(a)yourdomain if it comes from external
>   clients and is not authenticated, then simply use
>
>     smtpd_recipient_restrictions =
>         permit_mynetworks
>         permit_sasl_authenticated
>         reject_unauth_destination
>         check_sender_access hash:/etc/postfix/access_sender
>         ...
>
>     == access_sender
>     example.com     REJECT not allowed without authentication
>     .example.com    REJECT not allowed without authentication
>     ...
>
> This will reject all mail from joe(a)example.com or joe(a)sub.example.com
> unless it comes from mynetworks or the user was authenticated.
>
> Note this applies to envelope addresses (MAIL FROM), not to headers
> (From: or Reply-To:).
>
> If you care about headers, first try zen as suggested before. For the
> spam that slips, tune spamassassin.
>
>
>
thanks, is perfect....

Regards, Pep