Re: Strange From: in headers

From: Noel Jones (njonesmegan.vbhcs.org)
Date: Mon Jul 23 2007 - 11:41:03 CDT


At 11:08 AM 7/23/2007, Laurent CARON wrote:
>Hi,
>
>Some of my users are receiving spam like this one:
>
>Return-Path: tenayadqka.com
>X-Original-To: myusermydomain.com
>Delivered-To: myusermydomain.com
>Received: from localhost (localhost.localdomain [127.0.0.1])
> by sargon.lncsa.com (Postfix) with ESMTP id AD84D300EB31
> for <myusermydomain.com>; Mon, 23 Jul 2007 16:23:22 +0200 (CEST)
>Received: from sargon.lncsa.com ([127.0.0.1])
> by localhost (sargon.lncsa.com [127.0.0.1]) (amavisd-new, port
>10024)
> with ESMTP id jb8EZlXA0q1v for <myusermydomain.com>;
> Mon, 23 Jul 2007 16:23:22 +0200 (CEST)
>Received: from [81.211.60.93] (unknown [81.211.60.93])
> by sargon.lncsa.com (Postfix) with ESMTP id 6DA17300EB2E
> for <myusermydomain.com>; Mon, 23 Jul 2007 16:21:43 +0200 (CEST)
>Received: from [81.211.60.93] by mail.qka.com; Mon, 23 Jul 2007 14:24:59
>-0300
>Date: Mon, 23 Jul 2007 14:24:59 -0300
>From: "Gerald Hahn"lncsa.fr
>X-Mailer: The Bat! (v3.51.10) Home
>Reply-To: tenayadqka.com
>X-Priority: 3 (Normal)
>Message-ID: <562881633.80886052997978qka.com>
>To: myusermydomain.com
>Subject: Boost your sexual power now!
>MIME-Version: 1.0
>Content-Type: multipart/alternative;
> boundary="----------6EB829AD329321"
>
>Content-Type: text/plain; charset=iso-8859-2
>Content-Transfer-Encoding: 7bit
>
>
>The confusing thing is: From: "Gerald Hahn"mydomain.fr which is of
>course not a valid email address of this domain.

Likely the mail arrived with a header such as:
From: "Gerald Hahn"
which is not a valid From: header, and your postfix added mydomain to it. See
http://www.postfix.org/ADDRESS_REWRITING_README.html#william
In particular, using the main.cf setting:
remote_header_rewrite_domain = domain.invalid
may reduce the confusion.
http://www.postfix.org/postconf.5.html#remote_header_rewrite_domain

>What would be the best way to prevent such spams from reaching the inbox?
>
>Would the following rule be valid in the header checks ?
>
>/^(From: "\w+ \w+"mydomain\.fr)/ REJECT Mail rejected by rule 228

That is a valid rule, and would likely have stopped this mail.
Note the (...) parenthesis are unneeded here.
Note also this could reject valid mail if you have any users with
similar headers.

You also might consider using
"reject_unknown_reverse_client_hostname" as part of your smtpd
restrictions, which would also have stopped this mail. But this rule
may reject some legit mail - you might want to use it for a while
preceded with "warn_if_reject" to see what will be affected without
actually rejecting the mail.
http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostname

--
Noel Jones
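The three measures from the reply above, collected into one Postfix configuration as an added example (not from the original post or from Postfix's documentation). The file paths, the choice of smtpd_client_restrictions as the place for the client check, and the permit_mynetworks entry are assumptions.

```conf
# /etc/postfix/main.cf  (added example; paths and restriction list are assumptions)

# Mail from remote clients that carries an address-less header such as
#   From: "Gerald Hahn"
# no longer gets your own domain appended; Postfix completes it with
# the reserved domain "domain.invalid" instead, so it can no longer be
# mistaken for a sender in your domain (ADDRESS_REWRITING_README).
remote_header_rewrite_domain = domain.invalid

# Header inspection table in regexp: format (see header_checks(5)).
header_checks = regexp:/etc/postfix/header_checks

# "warn_if_reject" logs a "reject_warning" for what the following
# restriction WOULD reject, without rejecting the session. Watch the
# log for legitimate senders, then drop the warn_if_reject prefix.
smtpd_client_restrictions =
    permit_mynetworks,
    warn_if_reject reject_unknown_reverse_client_hostname

# /etc/postfix/header_checks  (added example)
#
# The rule from the thread, without the unneeded parentheses. Caveat
# from the reply: it also rejects legitimate users whose From: header
# ends up in the same shape.
#
# The mailing-list archive appears to have stripped "@" characters
# from every address on the page, so verify the pattern against a
# real header before deploying it, e.g.:
#   postmap -q 'From: "Gerald Hahn"mydomain.fr' regexp:/etc/postfix/header_checks
/^From: "\w+ \w+"mydomain\.fr/ REJECT Mail rejected by rule 228
```

After editing main.cf, run `postfix reload`; header_checks regexp tables are read at startup and need no postmap step.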