Re: How to reject bad hosts

From: Nicolas Michel (nicolas.michellemail.be)
Date: Mon Aug 09 2010 - 12:58:28 CDT


On 08/09/2010 06:34 PM, Stan Hoeppner wrote:
> Nicolas Michel put forth on 8/9/2010 9:29 AM:
>
>> For example : a host with IP WWW.XXX.YYY.ZZZ tries to send a mail to my
>> domain (we'll call it mydomain.be) and claims that the sender is
>> user@otherdomain.com
>
> Example of forging, typical of spammers:
>
> Return-Path: <ColtenArmiger@yahoo.dk>
> X-Original-To: XXXXXXXX
> Delivered-To: XXXXXXXX
> Received: from [59.95.115.27] (unknown [59.95.115.27])
> by XXXXXXXX (Postfix) with ESMTP id A1ABC6C35B
> for <XXXXXXXX>; Mon, 9 Aug 2010 07:52:49 -0500 (CDT)
> Received: from [59.95.115.27] by mx1.mail.eu.yahoo.com; Mon, 9 Aug 2010
> 18:22:49 +0530
> From: "DUSTY MORRISON" <DUSTYMORRISON@yahoo.dk>
>
>
> Note that both the display name and return path are different addresses, but
> both claim to be from Yahoo Germany infrastructure. Note that the sending MTA
> is within the network of BSNL Internet in New Delhi India.
>
> This is probably very similar to what you're seeing, and what we're all
> seeing. 99%+ of all spam is forged, sometimes, as in this case, at multiple
> levels. This spammer even went as far as inserting a fake transaction in the
> header to make it look like the email went through yahoo.dk servers at one
> point, when in fact it did not.
>
> Unfortunately the SMTP protocol does not really allow us to discern forged
> email. If it did, spam would never have become the scourge of the internet
> that it has.
>
> There is no magic bullet to kill spam. It would probably be beneficial if you
> shared your main.cf of 'postconf -n' output with us. We can then suggest
> additional configuration settings that will help reject spam.
>
> Do you use Spamassassin or another email content filter?
>
I'm using MailScanner, which works well, and Postfix is configured to
reject as many bad mails as possible:

relay_recipient_maps =
         proxy:unix:passwd.byname,
         hash:/etc/aliases,
         ldap:/etc/postfix/zimbra-users.cf

smtpd_recipient_restrictions =
             permit_mynetworks,
             reject_non_fqdn_hostname,
             reject_invalid_hostname,
             reject_non_fqdn_sender,
             reject_non_fqdn_recipient,
             reject_unknown_sender_domain,
             reject_unknown_recipient_domain,
             reject_unauth_destination,
             reject_unknown_hostname,
             reject_rbl_client list.dsbl.org,
             reject_rbl_client sbl.spamhaus.org,
             reject_rbl_client cbl.abuseat.org,
             reject_rbl_client dul.dnsbl.sorbs.net,
             permit

I'm looking to improve our mail system, and SPF seems to be a good way
to do it. However, if you have any suggestions, I'd be thankful ;)

By the way, I read how to implement SPF checks with
postfix-policyd-spf-perl. But in the howto they __reject__ mails, and I'd
prefer to manage SPF through MailScanner with scores. Has someone already
done this?

I also saw that there is spf-milter-python.

=> Which one is better, the implementation in Perl or the one in Python?

Thank you,
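The scoring approach asked about above, an SPF result turned into a content-filter score instead of an SMTP-time reject, as an added illustration that is not from this thread, from postfix-policyd-spf-perl or from spf-milter-python: a minimal SPF evaluator over constructed records (no DNS; only ip4, ip6 and all mechanisms). The records, the domains other than those in the thread, and the score values are assumptions.

```python
import ipaddress

# Constructed SPF records keyed by envelope-sender domain (stands in for a DNS TXT lookup).
SPF_RECORDS = {
    "mydomain.be": "v=spf1 ip4:203.0.113.0/24 -all",        # hard fail for anyone else
    "otherdomain.com": "v=spf1 ip4:198.51.100.10 ~all",     # soft fail for anyone else
    "nospf.example": None,                                  # domain publishes no record
}

# Assumed score per SPF result; this is the knob a content filter would expose
# instead of a reject. Negative = more likely ham, positive = more likely spam.
SCORES = {"pass": -1.0, "fail": 5.0, "softfail": 2.5, "neutral": 0.5, "none": 1.0}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, client_ip):
    """Evaluate an SPF record against the connecting client IP.

    Supports the ip4/ip6 mechanisms and 'all' with the +, -, ~ and ? qualifiers.
    Other mechanisms (a, mx, include, redirect) are skipped because they need DNS.
    """
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # an unqualified mechanism means 'pass' when it matches
        if term[0] in RESULT_FOR_QUALIFIER:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith(("ip4:", "ip6:")):
            # A mismatched address family (v6 client vs ip4 term) simply does not match.
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        else:
            continue
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"  # no mechanism matched and the record has no 'all' term


def score_message(sender_domain, client_ip):
    """Return (spf_result, score) for one SMTP transaction; nothing is rejected here."""
    result = evaluate_spf(SPF_RECORDS.get(sender_domain), client_ip)
    return result, SCORES[result]


if __name__ == "__main__":
    # The thread's scenario: a remote host claims a sender at otherdomain.com.
    print(score_message("otherdomain.com", "59.95.115.27"))   # ('softfail', 2.5)
```

The returned score would be added to the message's overall spam score, so a soft fail on its own does not decide the verdict while a hard fail weighs heavily.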