From: Roman Medina-Heigl Hernandez (roman rs-labs.com)
Date: Mon Dec 01 2008 - 10:23:07 CST
Noel Jones wrote:
> Roman Medina-Heigl Hernandez wrote:
>> Hello,
>>
>> Spammers often send (forged) mail where "mail from" address is the same as
>> "rcpt to" address. An extension of that could be using a "mail from"
>> address where src domain is one of our valid virtual domains. I can only
>> think of 3 cases:
>> 1) Src IP is 127.0.0.1 -> Mail should pass (eg: sent by webmail, installed
>> on the same MTA host).
>> 2) Authenticated sender -> Legit users authenticated by SASL -> Should pass
>> 3) All the rest -> Should be rejected (SPAM) (assuming a simple single-MTA
>> config, where MX -receiving mail server- is the same as MTA -outbound
>> sending mail server-)
>>
>> Which is the best/preferred Postfix config to filter out that kind of spam?
>>
>> I have all my valid domains in:
>> virtual_mailbox_domains = hash:/etc/postfix/vdomain
>>
>> The current format of /etc/postfix/vdomain is:
>> domain1 whatever
>> domain2 whatever
>>
>> So perhaps I could do something like:
>> smtpd_sender_restrictions =
>> smtpd_recipient_restrictions =
>>     permit_mynetworks,
>>     reject_unauth_destination,
>>     XXXXX,
>>     permit
>>
>> where XXXX could be some kind of "check_sender_access" clause, rejecting
>> domains listed in $virtual_mailbox_domains. How could I implement this? Is
>> there any other preferred solution?
>
> Yes, you can use a map for this;
> XXXX above =
> check_sender_access hash:/etc/postfix/mydomains
>
> # mydomains
> example.com REJECT inside sender not allowed
> example.net REJECT inside sender not allowed
> ...
So there is no other way to do this without having to "duplicate" the
same/similar hash file (/etc/postfix/vdomain and /etc/postfix/mydomains). I
thought perhaps there could exist some directive of the form:
reject_mydestination_domain_sender or something similar to avoid
duplicating domain databases ;-)).
> Note this will reject some legit mail. Spamassassin is probably a
Could you elaborate on those legit mail cases? Examples? It's very important
for me and I couldn't figure out any legit cases (apart from the ones I already
mentioned).
> better choice for filtering this type mail.
If I use SpamAssassin for this, I have to supply my vdomains to
SpamAssassin. Currently, I implemented a quick hack in Amavis, so all
domains are treated as local:
    @local_domains_acl = qw( . );
My Amavis/SpamAssassin setup is not filtering at all; it is only used for
marking/scoring (adding headers to) mails (filtering is performed via
Sieve, based on X-Spam-*/X-Amavis-* Headers).
> http://www.openspf.org/
As I said, SPF is planned for the next stage, and I'll have a look at
different resources (thanks for your notes!!).
Regards,
-Roman
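
On the duplication concern raised above, here is an added example (not from the thread or from Postfix itself) that derives the check_sender_access map from the vdomain file, so only one list is maintained by hand. The function names, the temporary-file naming and the sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: build the sender-reject map from the vdomain list.

# Reads "domain whatever" lines (the vdomain format) on stdin and writes
# "domain REJECT ..." lines. Comments, blank lines and continuation lines
# (leading whitespace) are skipped; keys are lowercased and de-duplicated.
gen_sender_reject_map() {
    awk -v action="REJECT inside sender not allowed" '
        /^[ \t]/ { next }   # continuation of the previous entry
        /^#/     { next }   # comment
        NF == 0  { next }   # blank line
        {
            d = tolower($1)
            if (!(d in seen)) { seen[d] = 1; print d " " action }
        }'
}

# Regenerate the map file $2 from the domain list $1. The result is written
# to a temporary file and renamed, so a partial map is never left in place.
# Afterwards run: postmap hash:<map file>
rebuild_map() {
    src=$1
    dst=$2
    tmp="$dst.tmp.$$"
    gen_sender_reject_map < "$src" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$dst"
}

# Demo on constructed data in a scratch directory (nothing under
# /etc/postfix is touched).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed vdomain sample' 'Example.com whatever' '' \
        'example.net whatever' 'example.com whatever' > "$dir/vdomain"
    rebuild_map "$dir/vdomain" "$dir/mydomains" && cat "$dir/mydomains"
    rm -rf "$dir"
}
demo

# For case 2 in the thread (SASL users), permit_sasl_authenticated has to
# come before the check_sender_access line in smtpd_recipient_restrictions.
```
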