Subject: UCE measures
From: Martin Mielke (martinmpeople-com.com)
Date: Thu Sep 14 2000 - 03:45:19 CDT


Dear all,

reading the sample-*.cf files and UCE measures, I try to have something
like:

        relay_domain = $mydomain
        smtpd_recipient_restrictions = permit_my_networks,
reject_unknown_client
        check_relay_domains

After a postfix reload, the system logs the following:

Sep 14 10:19:05 caronte postfix/smtpd[4127]: fatal: parameter
"smtpd_recipient_restrictions": specify at least one explicit instance of:
check_relay_domains reject_unauth_destination reject
Sep 14 10:19:06 caronte postfix/master[3586]: warning: process
/usr/lib/postfix/smtpd pid 4127 exit status 1
Sep 14 10:19:06 caronte postfix/master[3586]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
Sep 14 10:19:31 caronte postfix-script: refreshing the Postfix mail system

The UCE measures work more or less. According to a:

        telnet mail-abuse.org

everything is fine-tuned.
If I perform some tests myself, I get different responses instead when
telnetting from a remote/hostile host (I have legitimate access to it!):

        telnet mymailserver.com 25
        ...
        MAIL FROM: bill_clintonwhitehouse.gov
        ...
        RCPT TO: usermydomain.com (case 1)
        ...
        RCPT TO; useranotherdomain.com (case 2)
        ...
        DATA
        bla bla bla
        ...
        .

Case 1 works! I get a nice email from bill_clintonwhitehouse.gov with some
craptalk inside :-)
Only case 2 rejects the email with an error message to the spammer.

What am I overlooking? Any help is (as always) welcome!

Martin
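
Added example, not part of the original message: a small Python check for the condition named in the fatal log line, reading main.cf text with Postfix's continuation rule (a physical line that begins with whitespace continues the previous logical line). The two sample configs are constructed from the settings quoted in the post, and the function and variable names are this example's own; whether the poster's file actually had a line starting in column 0 is not known from the message.

```python
import re

# At least one of these must appear explicitly in
# smtpd_recipient_restrictions, per the fatal message logged above.
REQUIRED = {"check_relay_domains", "reject_unauth_destination", "reject"}

def logical_lines(text):
    """Join main.cf physical lines: a line starting with whitespace
    continues the previous logical line; blank and '#' lines are skipped."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def check_recipient_restrictions(text):
    """Return (ok, restrictions, stray); stray = logical lines without '='."""
    params, stray = {}, []
    for line in logical_lines(text):
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
        else:
            stray.append(line)
    value = params.get("smtpd_recipient_restrictions", "")
    # Restriction lists are separated by commas and/or whitespace.
    items = [t for t in re.split(r"[,\s]+", value) if t]
    return bool(REQUIRED & set(items)), items, stray

# Constructed samples: one continuation line in column 0, one indented.
BROKEN = """\
relay_domain = $mydomain
smtpd_recipient_restrictions = permit_my_networks,
reject_unknown_client
        check_relay_domains
"""
INDENTED = """\
relay_domain = $mydomain
smtpd_recipient_restrictions = permit_my_networks,
        reject_unknown_client
        check_relay_domains
"""
if __name__ == "__main__":
    for label, cfg in (("column 0", BROKEN), ("indented", INDENTED)):
        print(label, check_recipient_restrictions(cfg))
```

In the column-0 sample the restriction list ends after its first entry and the remaining two names form a separate logical line with no `=`, so the required relay check is reported as missing; in the indented sample all three entries belong to the parameter.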