Re: Added a Check - Asking for a Review (message 263215)

  • Noel Jones
    Mar 1 6:39 AM
      On 2/28/2010 2:26 PM, Carlos Williams wrote:
      > On Wed, Jan 20, 2010 at 10:34 AM, Ralf Hildebrandt
      > <Ralf.Hildebrandt@...> wrote:
      >>> /^localhost$/ 550 Don't use my own domain (localhost)!
      >>> /^iamghost.\com$/ 550 Don't use my own domain!
      >>> /^64\.95\.64\.198$/ 550 Your spam was rejected because you're forging my IP.
      >>> /^\[64\.95\.64\.198\]$/ 550 Your spam was rejected because you're forging my IP.
      >>> /^mail\.iamghost.\com$/ 550 Don't use my own hostname!
      >>> /^[0-9.-]+$/ 550 Your software is not RFC 2821
      >>> compliant: EHLO/HELO must be a domain or an address-literal (IP enclosed in []) - not a naked IP.
      >>>
      >>> Beyond this file, does my main.cf file look correct to you?
      >>
      >> Looks OK.
      >
      > Why did this email get through Postfix if I followed Ralf's
      > example of 'helo_checks.pcre'? I posted my postconf -n previously in
      > this message and above you can see the contents of 'helo_checks.pcre'
      > & I would think this would prevent anyone from sending mail to my
      > Postfix server spoofing my domain in the headers. Am I wrong? I got
      > the following email this weekend:
      >
      > Return-Path:<postmaster@...>
      > X-Original-To: postmaster@...
      > Delivered-To: postmaster@...
      > Received: from localhost (localhost.localdomain [127.0.0.1])
      > by mail.iamghost.com (Postfix) with ESMTP id EC5B277ADD6
      > for<postmaster@...>; Sat, 27 Feb 2010 15:05:50 -0500 (EST)
      > X-Virus-Scanned: amavisd-new at iamghost.com
      > X-Spam-Flag: YES
      > X-Spam-Score: 7.457
      > X-Spam-Level: *******
      > X-Spam-Status: Yes, score=7.457 tagged_above=-999 required=5
      > tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457,
      > RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033,
      > RDNS_NONE=0.1] autolearn=no
      > Received: from mail.iamghost.com ([127.0.0.1])
      > by localhost (iamghost.com [127.0.0.1]) (amavisd-new, port 10024)
      > with LMTP id awUEbrkCfcvq for<postmaster@...>;
      > Sat, 27 Feb 2010 15:05:50 -0500 (EST)
      > Received: from ambianceimports.com (unknown [89.204.40.160])
      > by mail.iamghost.com (Postfix) with SMTP id 179C477ADB5
      > for<postmaster@...>; Sat, 27 Feb 2010 15:05:48 -0500 (EST)
      > To:<postmaster@...>
      > Subject: ***SPAM*** Delivery Status Notification
      > From: Inez<postmaster@...>
      > MIME-Version: 1.0
      > Content-Type: text/html; charset="ISO-8859-1"
      > Content-Transfer-Encoding: 7bit
      > Message-Id:<20100227200549.179C477ADB5@...>
      > Date: Sat, 27 Feb 2010 15:05:48 -0500 (EST)
      >
      > I thought this was the point of adding the 'helo_checks' but I think I
      > am missing something. Can anyone please help explain what I did wrong
      > or am missing? I think this email should have been prevented with:
      >
      > /^iamghost\.com$/ 550 Don't use my own domain
      >
      > The headers of this email show the spammer spoofed this email to come
      > from 'postmaster@...'.

      Learn to read the Received: headers.

      Received: from helo_hostname (client_hostname [client.ip])
      by myname (Postfix) with SMTP id QUEUEID
      for <recipient>; date

      (the "for <recipient>" part is omitted if there is more than
      one recipient.)

      Your check is for the helo_hostname, which is ambianceimports.com.

      If you want to prevent your own domain as sender address in
      outside mail, you'll need to add a check_sender_access map for
      that.

      -- Noel Jones

      >
      > *Below is my output of 'postconf -n':
      >
      > address_verify_sender = $double_bounce_sender
      > alias_database = hash:/etc/aliases
      > alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
      > broken_sasl_auth_clients = yes
      > command_directory = /usr/sbin
      > config_directory = /etc/postfix
      > content_filter = amavisfeed:[127.0.0.1]:10024
      > daemon_directory = /usr/libexec/postfix
      > home_mailbox = Maildir/
      > html_directory = no
      > inet_interfaces = all
      > mail_owner = postfix
      > mailq_path = /usr/bin/mailq.postfix
      > manpage_directory = /usr/share/man
      > message_size_limit = 20480000
      > mydestination = $myhostname, $mydomain, mail.$mydomain
      > mydomain = iamghost.com
      > myhostname = mail.iamghost.com
      > mynetworks = $config_directory/mynetworks
      > myorigin = $mydomain
      > newaliases_path = /usr/bin/newaliases.postfix
      > queue_directory = /var/spool/postfix
      > recipient_delimiter = +
      > relay_domains =
      > sendmail_path = /usr/sbin/sendmail.postfix
      > setgid_group = postdrop
      > smtp_tls_security_level = may
      > smtpd_banner = $myhostname ESMTP
      > smtpd_delay_reject = yes
      > smtpd_helo_required = yes
      > smtpd_helo_restrictions = permit_mynetworks,
      > permit_sasl_authenticated, reject_non_fqdn_helo_hostname,
      > reject_invalid_helo_hostname
      > smtpd_recipient_restrictions = permit_mynetworks,
      > permit_sasl_authenticated, reject_unauth_pipelining,
      > reject_non_fqdn_recipient, reject_unknown_recipient_domain,
      > reject_unauth_destination, reject_unlisted_recipient,
      > check_policy_service unix:postgrey/socket, check_sender_access
      > hash:/etc/postfix/sender_access,
      > check_helo_access pcre:/etc/postfix/helo_checks.pcre,
      > reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
      > smtpd_sasl_auth_enable = yes
      > smtpd_sasl_path = private/auth
      > smtpd_sasl_security_options = noanonymous
      > smtpd_sasl_type = dovecot
      > smtpd_sender_restrictions = permit_mynetworks,
      > permit_sasl_authenticated, reject_non_fqdn_sender,
      > reject_unknown_sender_domain,
      > reject_unknown_reverse_client_hostname, permit
      > smtpd_tls_auth_only = yes
      > smtpd_tls_cert_file = /etc/ssl/mail.crt
      > smtpd_tls_key_file = /etc/ssl/mail.key
      > smtpd_tls_loglevel = 1
      > smtpd_tls_security_level = may
      > smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
      > smtpd_tls_session_cache_timeout = 3600s
      > tls_random_source = dev:/dev/urandom
      > unknown_local_recipient_reject_code = 550
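Added example (not from the thread): a Python script that parses a Received: header the way Noel describes, extracts the HELO name from the hop Carlos posted, and runs his helo_checks.pcre rules against it, showing that those rules never see the sender address. The check_sender_access map and the envelope sender postmaster@iamghost.com are constructed, since the page elides both.

```python
import re

# Shape Noel describes: Received: from HELO (client_host [client.ip]) by myname ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<client_host>[^\s\[\]]+)\s+"
    r"\[(?P<client_ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)")

# The helo_checks.pcre rules from the thread (dot escaped as in the later /^iamghost\.com$/ line).
HELO_CHECKS = [
    (r"^localhost$", "550 Don't use my own domain (localhost)!"),
    (r"^iamghost\.com$", "550 Don't use my own domain!"),
    (r"^64\.95\.64\.198$", "550 Your spam was rejected because you're forging my IP."),
    (r"^\[64\.95\.64\.198\]$", "550 Your spam was rejected because you're forging my IP."),
    (r"^mail\.iamghost\.com$", "550 Don't use my own hostname!"),
    (r"^[0-9.-]+$", "550 Your software is not RFC 2821 compliant"),
]

# Constructed check_sender_access entry (an assumption; the page shows no such map): it
# matches the envelope sender (MAIL FROM) only, never the From: header inside the message.
SENDER_ACCESS = {"iamghost.com": "550 Don't use my own domain as sender!"}

# The external hop from the spam Carlos received, copied from the thread.
RECEIVED = """Received: from ambianceimports.com (unknown [89.204.40.160])
 by mail.iamghost.com (Postfix) with SMTP id 179C477ADB5
 for<postmaster@...>; Sat, 27 Feb 2010 15:05:48 -0500 (EST)"""

def parse_received(header):
    """Unfold the header and return helo, client_host, client_ip and by (None if no match)."""
    m = RECEIVED_RE.search(" ".join(header.split()))
    return m.groupdict() if m else None

def helo_verdict(helo):
    """First matching rule wins, as in a Postfix pcre: table; DUNNO when nothing matches."""
    for pattern, reply in HELO_CHECKS:
        if re.search(pattern, helo, re.IGNORECASE):
            return reply
    return "DUNNO"

def sender_verdict(envelope_sender):
    """Domain-part lookup, the way check_sender_access falls back from user@domain to domain."""
    domain = envelope_sender.rsplit("@", 1)[-1].lower()
    return SENDER_ACCESS.get(domain, "DUNNO")

def evaluate(header, envelope_sender):
    """Show which field each restriction actually looks at for one inbound hop."""
    hop = parse_received(header)
    return {"helo": hop["helo"], "client_ip": hop["client_ip"],
            "helo_check": helo_verdict(hop["helo"]),
            "sender_check": sender_verdict(envelope_sender)}
```

Calling evaluate(RECEIVED, "postmaster@iamghost.com") returns helo_check DUNNO and sender_check 550: the HELO name ambianceimports.com matches none of the helo rules, and only a sender map looks at the spoofed domain.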