|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Ralf Hildebrandt (Ralf.Hildebrandt
charite.de)Date: Thu May 09 2002 - 14:26:55 CDT
On Thu, May 09, 2002 at 01:23:03PM -0500, Vernon A. Fort wrote:
> I'm sending this to both group in hope to be enlightened!!!!!
>
> We have a mail address sending approx 5-9 email per day with the
> Klez virus (amavis is stopping it), however I wanted to
> block/reject the email address entirely to eleminate the continuous
> flood. So using the header_checks, I configured the following for
> ieschasbellsouth.net
check_sender_access hash:/etc/postfix/senders
and in /etc/postfix/senders:
ieschasbellsouth.net REJECT
No need for header checks. But with klez forgin sender addresses, it's
better to block the client!
> May 9 09:30:15 iweb postfix/qmgr[25852]: 7D261AD5B: from=<ieschasbellsouth.net>, size=131349, nrcpt=1 (queue active)
> May 9 09:30:15 iweb postfix/smtpd[30092]: disconnect from mail016.mail.bellsouth.net[205.152.58.36]
This is an envelope sender, not a header.
> From: PrintShop <PrintShopcolumbia-ltg.com>
Yes, headers can be forged.
> The date matches, the postfix queue ID's match but this header
> clearly states it from printshopcolumbia-ltg.com, not
> ieschasbellsouth.com. I posted several messages about
> header_checks attempting to get the sentax correct so I could
> block this address because what I was normally use to
> configured was not working. It looks like something else is
> going on here.
>
> What am I looking at or missing. Is it possible to spoof the From
> email address? I am completey baffeled by this....any suggestions
> would be GREATLY appreciated!!!!!
You haven't understood the difference between HEADER and ENVELOPE from!
-- Ralf Hildebrandt (Im Auftrag des Referat V A) Ralf.Hildebrandt- To unsubscribe, send mail to majordomo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]