Re: Block messages from *.mydomain.dom

  • Yeray Gutiérrez Cedrés
    Message 1 of 34 , Aug 28 12:54 AM
      On Fri, Aug 28, 2009 at 3:22 AM, Sahil Tandon<sahil@...> wrote:
      > On Thu, 27 Aug 2009, Yeray Gutiérrez Cedrés wrote:
      >
      >> On Thu, Aug 27, 2009 at 4:29 AM, Voytek Eymont<lists@...> wrote:
      >> >
      >> > On Wed, August 26, 2009 5:49 am, ghe wrote:
      >> >
      >> >> I've done this by declaring my own internal domain names: slsware.dmz
      >> >> and .lan in the 192.168 1918 IP block and adding them to mynetworks. Then I
      >> >> just reject all mail from my .com domain by putting "check_helo_access
      >> >> hash:/etc/postfix/helo_checks" very early in the
      >> >> smtpd_recipient_restrictions:
      >> >
      >> >>> # This file has to be "compiled" with postmap
      >> >>> # postmap hash:/etc/postfix/helo_checks ; postfix reload
      >> >>>
      >> >>>
      >> >>> localhost            REJECT  You are not localhost
      >> >>> slsware.com          REJECT  No, no, no. You send *to* slsware.com
      >> >>> .slsware.com         REJECT  No, no, no. You send *to* slsware.com
      >> >
      >> What if the spammer does the following?
      >>
      >> EHLO mail.otherdomain.com
      >> MAIL FROM: glenn@...
      >> RCPT TO:person@...
      >>
      >> In that case, would the forged email be rejected with check_helo_access?
      >
      > Of course not.  Was that a joke?

      Of course not. I have the same problem in my organization with forged
      emails coming from my own domain. That's why I asked. In my case, we
      have a check_sender_access list (with LDAP) in
      smtpd_sender_restrictions:


      smtpd_sender_restrictions =
      reject_invalid_hostname,
      reject_non_fqdn_sender,
      reject_non_fqdn_recipient,
      reject_unknown_sender_domain,
      reject_unknown_recipient_domain,
      check_sender_access ldap:/etc/postfix/allowed_sender_addresses.cf,
      reject


      I also have to allow external hosts (out of my organization intranet)
      to send email, for example, a person from my organization who sends
      and receives email via an smtp/pop3 client from his home or another
      location. That's why I couldn't use the mynetworks/check_helo_access
      solution. A spammer using mail.otherdomain.com in EHLO and
      postmaster@... (that exists in the LDAP database) in
      MAIL FROM: would succeed in sending the forged email.

      That's why I wonder if there's a solution that matches my configuration
      or if I would have to redesign the restrictions strategy somehow.

      I also use spamassassin with amavis-new to try to prevent spam.

      >
      > --
      > Sahil Tandon <sahil@...>
      >
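
Added example, not part of the thread and not Postfix code: a simplified Python model of the two table lookups discussed above, showing that the session from the question passes both, because the HELO table never sees the MAIL FROM value and the sender allow-list only confirms that the address exists. The domain example.com, the allow-list contents and the function names are constructed stand-ins.

```python
# Simplified model of Postfix access(5)-style lookups (assumption: tries the
# name, then each parent domain both bare and dot-prefixed, which covers both
# settings of parent_domain_matches_subdomains).

# Shaped like the quoted helo_checks table; example.com is a constructed stand-in.
HELO_CHECKS = {
    "localhost": "REJECT",
    "example.com": "REJECT",
    ".example.com": "REJECT",
}
# Constructed stand-in for the LDAP list of allowed sender addresses.
ALLOWED_SENDERS = {"postmaster@example.com": "OK"}


def domain_keys(name):
    """Yield lookup keys for a hostname: the name itself, then each parent."""
    labels = name.lower().rstrip(".").split(".")
    yield ".".join(labels)
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        yield parent
        yield "." + parent


def check_helo_access(table, helo):
    """Look up only the HELO/EHLO name; MAIL FROM is never consulted here."""
    for key in domain_keys(helo):
        if key in table:
            return table[key]
    return "DUNNO"


def check_sender_access(table, sender):
    """Look up the envelope sender: full address first, then its domain keys."""
    sender = sender.lower()
    domain = sender.rpartition("@")[2]
    for key in [sender, *domain_keys(domain)]:
        if key in table:
            return table[key]
    return "DUNNO"


def evaluate(helo, mail_from):
    """HELO table first, then the allow-list followed by a final reject."""
    if check_helo_access(HELO_CHECKS, helo) != "DUNNO":
        return "REJECT (helo)"
    if check_sender_access(ALLOWED_SENDERS, mail_from) == "OK":
        return "ACCEPT"
    return "REJECT (sender)"
```

Calling `evaluate("mail.otherdomain.com", "postmaster@example.com")` models the session in the question: an outside host with an unrelated EHLO name and an existing local address in MAIL FROM.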