Re: Avoiding (trivial) spoofed "mail from"

From: Noel Jones (njonesmegan.vbhcs.org)
Date: Mon Dec 01 2008 - 10:48:32 CST


Roman Medina-Heigl Hernandez wrote:
> Noel Jones wrote:
>> Roman Medina-Heigl Hernandez wrote:
>>> Hello,
>>>
>>> Spammers often send (forged) mail where "mail from" address is the
>>> same as "rcpt to" address. An extension of that could be using a
>>> "mail from" address where src domain is one of our valid virtual
>>> domains. I can only think of 3 cases:
>>> 1) Src IP is 127.0.0.1 -> Mail should pass (eg: sent by webmail,
>>> installed on the same MTA host).
>>> 2) Authenticated sender -> Legit users authenticated by SASL -> Should
>>> pass
>>> 3) All the rest -> Should be rejected (SPAM) (assuming a simple
>>> single-MTA config, where MX -receiving mail server- is the same as
>>> MTA -outbound sending mail server-)
>>>
>>> Which is the best/preferred Postfix config to filter out that kind of
>>> spam?
>>>
>>> I have all my valid domains in:
>>> virtual_mailbox_domains = hash:/etc/postfix/vdomain
>>>
>>> The current format of /etc/postfix/vdomain is:
>>> domain1 whatever
>>> domain2 whatever
>>>
>>> So perhaps I could do something like:
>>> smtpd_sender_restrictions =
>>> smtpd_recipient_restrictions =
>>> permit_mynetworks,
>>> reject_unauth_destination,
>>> XXXXX,
>>> permit
>>>
>>> where XXXX could be some kind of "check_sender_access" clause,
>>> rejecting domains listed in $virtual_mailbox_domains. How could I
>>> implement this? Is there any other preferred solution?
>> Yes, you can use a map for this;
>> XXXX above =
>> check_sender_access hash:/etc/postfix/mydomains
>>
>> # mydomains
>> example.com REJECT inside sender not allowed
>> example.net REJECT inside sender not allowed
>> ...
>
> So there is no other way to do this without having to "duplicate" the
> same/similar hash file (/etc/postfix/vdomain and /etc/postfix/mydomains).
> I thought perhaps there could exist some directive of the form
> reject_mydestination_domain_sender or something similar to avoid
> duplicating domain databases ;-)).

If you have a large number of domains, keep a separate list of
the domains and let the computer build the different tables
for you. Use a Makefile to make it easy.

>
>> Note this will reject some legit mail. Spamassassin is probably a
>
> Could you elaborate on that legit mail cases? Examples? It's very important
> for me and I couldn't figure any legit cases (apart from the ones I already
> mentioned).

Some web invites / rotten mail lists / web notifications etc.
will arrive with the recipient's address as the sender. While
this is generally poor form, a few legit sites do it. I don't
have any specific examples, but know they exist. "trust me"

--
Noel Jones
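The "keep one domain list and let the computer build the tables" advice above, as an added example that is not code from the thread or from Postfix: a POSIX shell script that generates both the virtual_mailbox_domains table and the check_sender_access REJECT map from a single list, so the two never drift apart. The list file name, the sample domains and the build_maps helper are assumptions for this example; the restriction order in the comment follows the three cases the original poster listed.

```shell
#!/bin/sh
# Added example, not code from the thread: build both Postfix tables
# (virtual_mailbox_domains and the check_sender_access REJECT map) from one
# list of hosted domains. File names, the sample list and the build_maps
# helper are assumptions for this example.
set -eu

# Constructed sample list (one domain per line, '#' starts a comment).
DOMAIN_LIST="${DOMAIN_LIST:-/tmp/domains.txt}"
cat > "$DOMAIN_LIST" <<'EOF'
# hosted domains
example.com
example.net
EOF

# Strip comments and blank lines, keep the first field of each line.
domains() {
    sed -e 's/#.*//' "$1" | awk 'NF { print $1 }'
}

# virtual_mailbox_domains table: the right-hand side is ignored by Postfix.
gen_vdomain() {
    domains "$1" | awk '{ print $1, "whatever" }'
}

# check_sender_access table: refuse MAIL FROM in our own domains. Cases 1
# and 2 from the thread (local host, SASL users) must be permitted by
# earlier entries in smtpd_recipient_restrictions so they never reach it.
gen_mydomains() {
    domains "$1" | awk '{ print $1, "REJECT inside sender not allowed" }'
}

# Write both tables into a directory and compile them if postmap is installed.
build_maps() {
    gen_vdomain "$1"   > "$2/vdomain"
    gen_mydomains "$1" > "$2/mydomains"
    if command -v postmap >/dev/null 2>&1; then
        postmap "hash:$2/vdomain" "hash:$2/mydomains"
    fi
}

# Matching main.cf order (case 1 via permit_mynetworks, case 2 via SASL):
#   smtpd_recipient_restrictions =
#       permit_mynetworks,
#       permit_sasl_authenticated,
#       reject_unauth_destination,
#       check_sender_access hash:/etc/postfix/mydomains,
#       permit

build_maps "$DOMAIN_LIST" "${OUTDIR:-/tmp}"
```

Re-run the script (or wire it into the Makefile) whenever the domain list changes, then reload Postfix so the rebuilt hash files are picked up.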