From: Roman Medina-Heigl Hernandez (romanrs-labs.com)
Date: Mon Dec 01 2008 - 09:14:28 CST
Spammers often send (forged) mail where "mail from" address is the same as
"rcpt to" address. An extension of that could be using a "mail from"
address where src domain is one of our valid virtual domains. I can only
think of 3 cases:
1) Src IP is 127.0.0.1 -> Mail should pass (eg: sent by webmail, installed
on the same MTA host).
2) Authenticated sender -> Legit users authenticated by SASL -> Should pass
3) All the rest -> Should be rejected (SPAM) (assuming a simple single-MTA
config, where MX -receiving mail server- is the same as MTA -outbound
sending mail server-)
Which is the best/preferred Postfix config to filter out that kind of spam?
I have all my valid domains in:
virtual_mailbox_domains = hash:/etc/postfix/vdomain
The current format of /etc/postfix/vdomain is:
So perhaps I could do something like:
where XXXX could be some kind of "check_sender_access" clause, rejecting
domains listed in $virtual_mailbox_domains. How could I implement this? Is
there any other preferred solution?
Another idea could be setting a SPF record for my domains and then some
kind of SPF checks (how could I do that?). I know it is a must but I'd
prefer to leave the SPF setup for the next stage (I'd like to deeply review
all pros/cons, ~all vs ?all, etc).
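
One way to express the three cases listed in the message, as an added example that is not part of the original post or of any reply to it. The right-hand side of /etc/postfix/vdomain is not shown above, so a separate access table is assumed here; the file name reject_own_sender and the domains example.com and example.net are placeholders.

```conf
# --- /etc/postfix/main.cf (added example, not from the original post) ---
# Cases 1 and 2: trusted clients (loopback) and SASL-authenticated senders
# are permitted before the sender-domain table is consulted.
# Assumes mynetworks contains 127.0.0.0/8 and SASL auth is already enabled.
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/reject_own_sender

# To observe the effect in the mail log before enforcing it, the last entry
# can temporarily be written as:
#   warn_if_reject check_sender_access hash:/etc/postfix/reject_own_sender

# --- /etc/postfix/reject_own_sender (hypothetical file name) ---
# Case 3: any other client that uses a locally hosted domain in MAIL FROM.
# One line per domain that is also listed in /etc/postfix/vdomain.
# example.com and example.net are placeholder domains.
example.com    REJECT Sender domain is hosted here; authenticate to send
example.net    REJECT Sender domain is hosted here; authenticate to send

# Rebuild the table after editing it, and reload after changing main.cf:
#   postmap /etc/postfix/reject_own_sender
#   postfix reload
```

This check looks at the envelope sender only, not the From: header. Mail from local users that an external forwarder or mailing list relays back with the original envelope sender is rejected as well.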