From: Ríkharður Egilsson (Rikhardur.EGILSSON_at_oecd.org)
Date: Tue Aug 06 2002 - 05:55:19 CDT


    It has come to my attention, by the responses I have received, that I
    should have explained the problem better.

    It's *not* a relaying problem. The mail is destined to internal users.

    The problem is that it "appears" to be sent From: local users.
    I.e. the recipient sees:

    ===============================================
    >>From: Big Manager <Big.Managerbiodef.org>
    >>Date: Wed, 3 April 2002 21:15:31
    >>To: Svaka Jaki <Svaka.Jakibiodef.org>
    >>Subject: Good Thing

    Hi,
            I'm selling a few boxes of new herbal viagra like product .
            It's a wonderful thing etc ...
            etc etc etc ,,,
            etc etc etc ,,,
            etc etc etc ,,,
            etc etc etc ,,,
    ===============================================

    I am looking for a solution that blocks incoming mail if :

            a) It is from networks that are *not* in mynetworks
    and
            b) It is either:
                    b.1) MAIL FROM <someonebiodef.org>
            or
                    b.2) The header says "^From: .*biodef.org"

    -- 
     Ríkharður Egilsson - Networking/Security EXD/ITN/CCO
     OECD/OCDE - Organisation for Economic Co-operation and Development
    

    ----- Forwarded message from Ríkharður Egilsson <Rikhardur.EGILSSONoecd.org> -----

    From: Ríkharður Egilsson <Rikhardur.EGILSSONoecd.org>
    Date: Tue, 6 Aug 2002 11:46:07 +0200
    To: Postfix users <postfix-userspostfix.org>
    Subject: Rejecting mail "From && To" <internal domain>

    This was also a topic last month, maybe someone has gotten new ideas ..

    The problem is this : Anybody in the world can connect to our mail gateway and send a mail that appears to come from mydomain.org

    We are already getting quite a few spams like this, and since some of them appear to come from high level managers advertising embarrassing products, they are fuming to have this hole closed.

    It complicates the matter that smtpd_sender_restrictions almost never works since it's only in the header that the mail says BigBossmydomain

    The ideal solution would be to add something like :

    header_checks = permit_mynetworks regexp:/etc/postfix/BlockInternal

    But apparently that is not allowed:

    Aug 6 11:07:45 BioDef postfix/cleanup[12328]: fatal: open dictionary: need "type:name" form: permit_mynetworks

    Our current idea is to add an additional mail server for outgoing mail and use the current one only for incoming. That way we can block it with smtpd_sender_restrictions and header_checks

    Any better ideas ?

    --
    Ríkharður Egilsson - Networking/Security EXD/ITN/CCO
    OECD/OCDE - Organisation for Economic Co-operation and Development

    ----- End forwarded message -----
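
The rule requested in the message above, (a) and (b.1 or b.2), written out as an added example; it is not part of the original post and is not Postfix configuration. The network ranges, client addresses, helper names and the sample message are constructed for illustration; only the domain comes from the post.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses
from typing import Optional

# Assumptions: domain taken from the post; network ranges are placeholders.
INTERNAL_DOMAIN = "biodef.org"
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]

# Constructed sample modelled on the spam quoted in the post.
SPOOFED = (
    "From: Big Manager <Big.Manager@biodef.org>\n"
    "To: Svaka Jaki <Svaka.Jaki@biodef.org>\n"
    "Subject: Good Thing\n"
    "\n"
    "Hi,\n"
)


def is_internal_domain(address: str) -> bool:
    """True if the address is in the internal domain or one of its subdomains.

    Comparing the parsed domain avoids the lookalike matches that an
    unanchored pattern such as .*biodef.org would accept (notbiodef.org).
    """
    domain = address.strip().strip("<>").rpartition("@")[2].rstrip(".").lower()
    return domain == INTERNAL_DOMAIN or domain.endswith("." + INTERNAL_DOMAIN)


def should_reject(client_ip: str, mail_from: str, raw_message: str) -> Optional[str]:
    """Return a reject reason, or None when the message is accepted."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS):
        return None  # condition (a) not met: client is in mynetworks
    if is_internal_domain(mail_from):
        return "envelope sender claims internal domain"  # condition (b.1)
    msg = message_from_string(raw_message)
    # Check every From: header and every address in it, not just the first.
    for _name, addr in getaddresses(msg.get_all("From", [])):
        if is_internal_domain(addr):
            return "From: header claims internal domain"  # condition (b.2)
    return None


if __name__ == "__main__":
    print(should_reject("203.0.113.7", "bulk@example.net", SPOOFED))
```

Applied as written, the rule also rejects legitimate mail that carries an internal From: address but arrives from outside, such as list traffic or staff sending through an external provider.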
