How to stop these fakes?

  • lists.postfix-users@duinheks.nl
    Message 1 of 7 , Jul 31, 2008
      Hello postfix-users,

      Occasionally external systems are trying to send mail with a
      faked sender address via my system. So far no harm is done,
      and they have not been able to create a real user name. But
      I would like to stop them before they use my mail system,
      as soon as they make contact. How can I do this?
      Example:
      Jul 31 15:31:02 duinheks postfix/smtpd[29511]: NOQUEUE: reject: RCPT from
      unknown[218.20.152.23]: 550 5.1.0 <nqcmr@...>: Sender address
      rejected:
      User unknown in local recipient table; from=<nqcmr@...>
      to=<gongsi_pxb@...> proto=ESMTP helo=<chenzao>

      Regards,

      Hans.

      jdh punt beekhuizen bij duinheks punt nl

      Here's my current configuration:
      alias_database = hash:/etc/postfix/aliases
      alias_maps = hash:/etc/postfix/aliases,
      hash:/opt/mailman/data/aliases
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      daemon_directory = /usr/libexec/postfix
      data_directory = /var/lib/postfix
      debug_peer_level = 2
      default_transport = smtp
      home_mailbox = Mailbox
      html_directory = no
      local_recipient_maps = $alias_maps unix:passwd.byname
      mail_owner = postfix
      mailbox_size_limit = 2048000000
      mailq_path = /usr/bin/mailq
      manpage_directory = /usr/local/man
      message_size_limit = 15360000
      mydestination = duinheks.nl, $myhostname, localhost.$mydomain
      mydomain = duinheks.nl
      myhostname = duinheks.nl
      mynetworks = 192.168.178.0/24, 127.0.0.0/8
      mynetworks_style = host
      myorigin = $myhostname
      newaliases_path = /usr/bin/newaliases
      queue_directory = /var/spool/postfix
      readme_directory = no
      recipient_delimiter = +
      relay_domains = $mydestination, f1018.n280.z2.fidonet.org
      relayhost = smtp.xs4all.nl
      sample_directory = /etc/postfix
      sender_canonical_maps = hash:/etc/postfix/sender_canonical
      sendmail_path = /usr/lib/sendmail
      setgid_group = postdrop
      smtpd_recipient_restrictions = reject_non_fqdn_sender
      reject_non_fqdn_recipient reject_unlisted_recipient
      reject_unlisted_sender permit_mynetworks reject_unauth_destination
      permit
      soft_bounce = no
      strict_rfc821_envelopes = yes
      transport_maps = hash:/etc/postfix/transport
      unknown_client_reject_code = 554
      unknown_local_recipient_reject_code = 550

      --- GoldED+/LNX 1.1.5/080731
      * Origin: The Wizard is using MBSE/Linux (2:280/1018)
    • ram
      Message 2 of 7 , Aug 1 2:03 AM
        On Fri, 2008-08-01 at 08:18 +0200, lists.postfix-users@...
        wrote:
        > Hello postfix-users,
        >
        > Occasionally external systems are trying to send mail with a
        > faked sender address via my system. So far no harm is done,
        > and they have not been able to create a real user name. But
        > I would like to stop them before they use my mail system,
        > as soon as they make contact. How can I do this?
        > Example:
        > Jul 31 15:31:02 duinheks postfix/smtpd[29511]: NOQUEUE: reject: RCPT from
        > unknown[218.20.152.23]: 550 5.1.0 <nqcmr@...>: Sender address
        > rejected:
        > User unknown in local recipient table; from=<nqcmr@...>
        > to=<gongsi_pxb@...> proto=ESMTP helo=<chenzao>


        I don't see any reason for you to worry. You are doing a
        reject_unauth_destination already.
        There is no way to stop *all* unauthorized connections ( as soon as they
        connect ? ). You could use RBLs like zen.spamhaus etc. on connect; that
        will stop a lot of them but not all.
      • Robert Schetterer
        Message 3 of 7 , Aug 1 2:37 AM
          ram wrote:
          > On Fri, 2008-08-01 at 08:18 +0200, lists.postfix-users@...
          > wrote:
          >> Hello postfix-users,
          >>
          >> Occasionally external systems are trying to send mail with a
          >> faked sender address via my system. So far no harm is done,
          >> and they have not been able to create a real user name. But
          >> I would like to stop them before they use my mail system,
          >> as soon as they make contact. How can I do this?
          >> Example:
          >> Jul 31 15:31:02 duinheks postfix/smtpd[29511]: NOQUEUE: reject: RCPT from
          >> unknown[218.20.152.23]: 550 5.1.0 <nqcmr@...>: Sender address
          >> rejected:
          >> User unknown in local recipient table; from=<nqcmr@...>
          >> to=<gongsi_pxb@...> proto=ESMTP helo=<chenzao>
          >
          >
          > I don't see any reason for you to worry. You are doing a
          > reject_unauth_destination already.
          > There is no way to stop *all* unauthorized connections ( as soon as they
          > connect ? ). You could use RBLs like zen.spamhaus etc. on connect; that
          > will stop a lot of them but not all.
          >
          reject_unknown_reverse_client_hostname
          helps a lot here

          --
          Best Regards

          MfG Robert Schetterer

          Germany/Munich/Bavaria
        • lists.postfix-users@duinheks.nl
          Message 4 of 7 , Aug 4 1:53 AM
            Hello Robert,

            On Friday 01 August 2008 Robert Schetterer wrote to ram:

            >>> Example:
            >>> Jul 31 15:31:02 duinheks postfix/smtpd[29511]: NOQUEUE:
            >>> reject: RCPT from unknown[218.20.152.23]: 550 5.1.0
            >>> <nqcmr@...>: Sender address rejected: User unknown in
            >>> local recipient table; from=<nqcmr@...>
            >>> to=<gongsi_pxb@...> proto=ESMTP helo=<chenzao>

            RS> reject_unknown_reverse_client_hostname
            RS> helps a lot here

            Thanks. I've put that in and will wait and see what happens.

            Regards,

            Hans.

            jdh punt beekhuizen bij duinheks punt nl

            --- GoldED+/LNX 1.1.5/080731
            * Origin: The Wizard is using MBSE/Linux (2:280/1018)
          • lists.postfix-users@duinheks.nl
            Message 5 of 7 , Aug 4 1:56 AM
              Hello ram,

              On Friday 01 August 2008 ram wrote to lists.postfix-users@...:

              >> Occasionally external systems are trying to send mail with a
              >> faked sender address via my system. So far no harm is done,
              >> and they have not been able to create a real user name. But
              >> I would like to stop them before they use my mail system,
              >> as soon as they make contact. How can I do this?
              ra> I don't see any reason for you to worry. You are doing a
              ra> reject_unauth_destination already

              It's not the destination I'm worried about, it's the sender.
              There is a [small] possibility that the culprit guesses a real
              user name on my system and then sends spam or other unpleasant
              things across the world. I would not like that...

              ra> There is no way to stop *all* unauthorized connections ( as soon
              ra> as they connect ? ).

              That was not very well formulated, sorry. Obviously they have
              to make contact before I can see who they are. But I would
              like postfix to see as soon as possible that my host name is
              used illegally and reject that message straight away.

              Regards,

              Hans.

              jdh punt beekhuizen bij duinheks punt nl

              --- GoldED+/LNX 1.1.5/080731
              * Origin: The Wizard is using MBSE/Linux (2:280/1018)
            • ram
              Message 6 of 7 , Aug 4 7:03 AM
                On Mon, 2008-08-04 at 10:56 +0200, lists.postfix-users@...
                wrote:
                > Hello ram,
                >
                > On Friday 01 August 2008 ram wrote to lists.postfix-users@...:
                >
                > >> Occasionally external systems are trying to send mail with a
                > >> faked sender address via my system. So far no harm is done,
                > >> and they have not been able to create a real user name. But
                > >> I would like to stop them before they use my mail system,
                > >> as soon as they make contact. How can I do this?
                > ra> I don't see any reason for you to worry. You are doing a
                > ra> reject_unauth_destination already
                >
                > It's not the destination I'm worried about, it's the sender.
                > There is a [small] possibility that the culprit guesses a real
                > user name on my system and then sends spam or other unpleasant
                > things across the world. I would not like that...
                >
                Enable SMTP authentication. Allow only authenticated users of your
                domain to send to the outside world. A spammer can guess the username but
                can't get the password.
                ( I am assuming you don't allow the "username=password" on your
                machine :-) )
              • lists.postfix-users@duinheks.nl
                Message 7 of 7 , Aug 14 7:20 AM
                  Hello Robert,

                  On Monday 04 August 2008 lists.postfix-users@... wrote to
                  postfix-users:

                  RS>> reject_unknown_reverse_client_hostname
                  RS>> helps a lot here
                  lpu> Thanks. I've put that in and will wait and see what happens.

                  It took a few days, because it doesn't happen every day. But this
                  solution doesn't seem to work:
                  Aug 11 05:12:09 duinheks postfix/smtpd[13102]: connect from
                  125-225-150-228.dynamic.hinet.net[125.225.150.228]
                  Aug 11 05:12:12 duinheks postfix/smtpd[13102]: lost connection after EHLO from
                  125-225-150-228.dynamic.hinet.net[125.225.150.228]
                  Aug 11 05:12:12 duinheks postfix/smtpd[13102]: disconnect from
                  125-225-150-228.dynamic.hinet.net[125.225.150.228]
                  Aug 11 05:12:26 duinheks postfix/smtpd[13102]: connect from
                  125-225-150-228.dynamic.hinet.net[125.225.150.228]
                  Aug 11 05:12:33 duinheks postfix/smtpd[13102]: NOQUEUE: reject: RCPT from
                  125-225-150-228.dynamic.hinet.net[125.225.150.228]: 550 5.1.0
                  <rxdip@...>: Sender address rejected: User unknown in local recipient
                  table; from=<rxdip@...> to=<c0f2547f@...> proto=ESMTP
                  helo=<ADMIN-F76C08610>
                  Aug 11 05:12:34 duinheks postfix/smtpd[13102]: lost connection after DATA (0
                  bytes) from 125-225-150-228.dynamic.hinet.net[125.225.150.228]
                  Aug 11 05:12:34 duinheks postfix/smtpd[13102]: disconnect from
                  125-225-150-228.dynamic.hinet.net[125.225.150.228]

                  Or maybe I put it into the wrong place... I find it very
                  difficult to find all the possible configuration options
                  of Postfix and put them into the right place :(

                  Regards,

                  Hans.

                  jdh punt beekhuizen bij duinheks punt nl

                  alias_database = hash:/etc/postfix/aliases
                  alias_maps = hash:/etc/postfix/aliases,
                  hash:/opt/mailman/data/aliases
                  command_directory = /usr/sbin
                  config_directory = /etc/postfix
                  daemon_directory = /usr/libexec/postfix
                  data_directory = /var/lib/postfix
                  debug_peer_level = 2
                  default_transport = smtp
                  home_mailbox = Mailbox
                  html_directory = no
                  local_recipient_maps = $alias_maps unix:passwd.byname
                  mail_owner = postfix
                  mailbox_size_limit = 2048000000
                  mailq_path = /usr/bin/mailq
                  manpage_directory = /usr/local/man
                  message_size_limit = 15360000
                  mydestination = duinheks.nl, $myhostname, localhost.$mydomain
                  mydomain = duinheks.nl
                  myhostname = duinheks.nl
                  mynetworks = 192.168.178.0/24, 127.0.0.0/8
                  mynetworks_style = host
                  myorigin = $myhostname
                  newaliases_path = /usr/bin/newaliases
                  queue_directory = /var/spool/postfix
                  readme_directory = no
                  recipient_delimiter = +
                  relay_domains = $mydestination, f1018.n280.z2.fidonet.org
                  relayhost = smtp.xs4all.nl
                  sample_directory = /etc/postfix
                  sender_canonical_maps = hash:/etc/postfix/sender_canonical
                  sendmail_path = /usr/lib/sendmail
                  setgid_group = postdrop
                  smtpd_recipient_restrictions = reject_non_fqdn_sender
                  reject_unknown_reverse_client_hostname reject_non_fqdn_recipient
                  reject_unlisted_recipient reject_unlisted_sender permit_mynetworks
                  reject_unauth_destination permit
                  soft_bounce = no
                  strict_rfc821_envelopes = yes
                  transport_maps = hash:/etc/postfix/transport
                  unknown_client_reject_code = 554
                  unknown_local_recipient_reject_code = 550

                  --- GoldED+/LNX 1.1.5/080731
                  * Origin: The Wizard is using MBSE/Linux (2:280/1018)
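
An added example, not part of the original thread: a small parser for the smtpd reject records quoted above, reporting which restriction produced each reject and whether the client was logged as `unknown` (the only case where the client-hostname restrictions can match). The sample records are constructed with documentation addresses and assume one syslog record per line; `analyse` and its field names are hypothetical.

```python
import re

# Constructed sample, modelled on the two excerpts in the thread: documentation
# IPs and domains, and each syslog record unwrapped onto one line.
SAMPLE_LOG = """\
Jul 31 15:31:02 mx postfix/smtpd[29511]: NOQUEUE: reject: RCPT from unknown[192.0.2.23]: 550 5.1.0 <nqcmr@example.org>: Sender address rejected: User unknown in local recipient table; from=<nqcmr@example.org> to=<a@example.com> proto=ESMTP helo=<chenzao>
Aug 11 05:12:26 mx postfix/smtpd[13102]: connect from host-7.dynamic.example.net[203.0.113.7]
Aug 11 05:12:33 mx postfix/smtpd[13102]: NOQUEUE: reject: RCPT from host-7.dynamic.example.net[203.0.113.7]: 550 5.1.0 <rxdip@example.org>: Sender address rejected: User unknown in local recipient table; from=<rxdip@example.org> to=<b@example.com> proto=ESMTP helo=<ADMIN-F76C08610>
"""

REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>\w+) from "
    r"(?P<client>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) \S+ "
    r"(?P<reason>.*?); from=<(?P<sender>[^>]*)>"
)
# Reply text produced by reject_unlisted_sender for a local-domain sender.
UNLISTED_SENDER = "Sender address rejected: User unknown in local recipient table"


def analyse(log_text):
    """Return one dict per smtpd reject record found in log_text."""
    results = []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # connect/disconnect lines carry no verdict
        rec = m.groupdict()
        rec["fired"] = ("reject_unlisted_sender"
                        if UNLISTED_SENDER in rec["reason"] else "other")
        # smtpd logs the client as "unknown" when the reverse lookup failed or
        # the name did not verify; with a real name logged, the
        # reject_unknown_*client_hostname checks have nothing to match.
        rec["client_unverified"] = rec["client"] == "unknown"
        results.append(rec)
    return results


if __name__ == "__main__":
    for r in analyse(SAMPLE_LOG):
        verdict = ("hostname checks can match" if r["client_unverified"]
                   else "hostname resolves, only the sender check rejects")
        print(f'{r["ip"]:<15} {r["client"]:<30} {r["fired"]:<24} {verdict}')
```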