Re: Added a Check - Asking for a Review
- On 2/28/2010 2:26 PM, Carlos Williams wrote:
> On Wed, Jan 20, 2010 at 10:34 AM, Ralf HildebrandtLearn to read the Received: headers.
> <Ralf.Hildebrandt@...> wrote:
>>> /^localhost$/ 550 Don't use my own domain (localhost)!
>>> /^iamghost.\com$/ 550 Don't use my own domain!
>>> /^64\.95\.64\.198$/ 550 Your spam was rejected because you're forging my IP.
>>> /^\[64\.95\.64\.198\]$/ 550 Your spam was rejected because you're forging my IP.
>>> /^mail\.iamghost.\com$/ 550 Don't use my own hostname!
>>> /^[0-9.-]+$/ 550 Your software is not RFC 2821
>>> compliant: EHLO/HELO must be a domain or an address-literal (IP enclosed in ) - not a naked IP.
>>> Beyond this file, does my main.cf file look correct to you?
>> Looks OK.
> Why did this email get through Postfix if my I followed Ralph's
> example of helo_checks.pcre'? I posted my postconf -n previously in
> this message and above you can see the contents of 'helo_checks.pcre'
> & I would think this would prevent anyone from sending mail to my
> Postfix server spoofing my domain in the headers. Am I wrong? I got
> the following email this weekend:
> X-Original-To: postmaster@...
> Delivered-To: postmaster@...
> Received: from localhost (localhost.localdomain [127.0.0.1])
> by mail.iamghost.com (Postfix) with ESMTP id EC5B277ADD6
> for<postmaster@...>; Sat, 27 Feb 2010 15:05:50 -0500 (EST)
> X-Virus-Scanned: amavisd-new at iamghost.com
> X-Spam-Flag: YES
> X-Spam-Score: 7.457
> X-Spam-Level: *******
> X-Spam-Status: Yes, score=7.457 tagged_above=-999 required=5
> tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457,
> RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033,
> RDNS_NONE=0.1] autolearn=no
> Received: from mail.iamghost.com ([127.0.0.1])
> by localhost (iamghost.com [127.0.0.1]) (amavisd-new, port 10024)
> with LMTP id awUEbrkCfcvq for<postmaster@...>;
> Sat, 27 Feb 2010 15:05:50 -0500 (EST)
> Received: from ambianceimports.com (unknown [22.214.171.124])
> by mail.iamghost.com (Postfix) with SMTP id 179C477ADB5
> for<postmaster@...>; Sat, 27 Feb 2010 15:05:48 -0500 (EST)
> Subject: ***SPAM*** Delivery Status Notification
> From: Inez<postmaster@...>
> MIME-Version: 1.0
> Content-Type: text/html; charset="ISO-8859-1"
> Content-Transfer-Encoding: 7bit
> Date: Sat, 27 Feb 2010 15:05:48 -0500 (EST)
> I thought this was the point of adding the 'helo_checks' but I think I
> am missing something. Can anyone please help explain what I did wrong
> or am missing? I think this email should have been prevented with:
> /^iamghost\.com$/ 550 Don't use my own domain
> The headers of this email show the spammer spoofed this email to come
> from 'postmaster@...'.
Received: from helo_hostname (client_hostname [client.ip])
by myname (Postfix) with SMTP id QUEUEID
for <recipient>; date
(the "for <recipient>" part is omitted if there is more than
Your check is for the helo_hostname, which is ambianceimports.com.
If you want to prevent your own domain as sender address in
outside mail, you'll need to add a check_sender_access map for
-- Noel Jones
> *Below is my output of 'postconf -n':
> address_verify_sender = $double_bounce_sender
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = amavisfeed:[127.0.0.1]:10024
> daemon_directory = /usr/libexec/postfix
> home_mailbox = Maildir/
> html_directory = no
> inet_interfaces = all
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> message_size_limit = 20480000
> mydestination = $myhostname, $mydomain, mail.$mydomain
> mydomain = iamghost.com
> myhostname = mail.iamghost.com
> mynetworks = $config_directory/mynetworks
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> recipient_delimiter = +
> relay_domains =
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_tls_security_level = may
> smtpd_banner = $myhostname ESMTP
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_non_fqdn_helo_hostname,
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_pipelining,
> reject_non_fqdn_recipient, reject_unknown_recipient_domain,
> reject_unauth_destination, reject_unlisted_recipient,
> check_policy_service unix:postgrey/socket, check_sender_access
> check_helo_access pcre:/etc/postfix/helo_checks.pcre,
> reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_non_fqdn_sender,
> reject_unknown_reverse_client_hostname, permit
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/ssl/mail.crt
> smtpd_tls_key_file = /etc/ssl/mail.key
> smtpd_tls_loglevel = 1
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550