
Re: rejecting clients greeting me with my own name

  • Wietse Venema
    Message 1 of 21 , Oct 4, 2010
      Ralf Hildebrandt:
      > > With YOUR IP ? That's highly unlikely, to the point of unbelievability.
      >
      > I've seen those as well; not from within my networks, but yes. I've
      > seen them!

      I see that all the time.

      For me, blocking helo with $inet_interfaces/$myhostname is
      not sufficient, since Postfix does not know everything.

      More useful is to block any helo name/address that resolves to an
      address on the local network when the client is elsewhere, but
      that is not as simple as suggested in this thread.

      Wietse
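
The check Wietse describes above (reject a HELO name or address that resolves into the local network when the client connects from elsewhere), sketched as an added example that is not part of the original thread and not Postfix code. It assumes the decision is made by a script fed the `helo_name` and `client_address` attributes of Postfix policy delegation requests; `LOCAL_NETS`, the function names and the sample addresses are constructed for illustration, and the list of local networks has to be supplied by the administrator because, as the post says, Postfix does not know everything.

```python
import ipaddress
import socket

# Assumed site configuration (constructed, documentation address ranges).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]

def is_local(addr):
    """True if addr (string) parses as an IP inside one of LOCAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETS)

def helo_addresses(helo, resolve):
    """Addresses a HELO argument stands for: the literal itself, or its DNS records."""
    name = helo.strip().rstrip(".")
    if name.startswith("[") and name.endswith("]"):   # [192.0.2.1] or [IPv6:2001:db8::1]
        name = name[1:-1]
        if name.lower().startswith("ipv6:"):
            name = name[5:]
    try:
        ipaddress.ip_address(name)
        return [name]                                 # bare or bracketed address
    except ValueError:
        pass
    try:
        return resolve(name)
    except OSError:
        return []                                     # unresolvable: left to other checks

def dns_resolve(name):
    """Default resolver: every address getaddrinfo() returns for name."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})

def decide(attrs, resolve=dns_resolve):
    """Map one policy request (dict of attributes) to a Postfix action string."""
    if is_local(attrs.get("client_address", "")):
        return "DUNNO"                                # our own hosts may use our names
    for addr in helo_addresses(attrs.get("helo_name", ""), resolve):
        if is_local(addr):
            return "REJECT HELO name resolves to our network"
    return "DUNNO"

def parse_request(text):
    """Parse the name=value lines of one policy delegation request."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)
```

The resolver is a parameter so the decision logic can be exercised offline; a deployment would also need a cache and a timeout around the DNS lookup, since the SMTP session waits for the answer.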
    • fakessh
      Message 2 of 21 , Oct 4, 2010
        i hijacked the server with the null sender
        and the valid recipient
        the mail go home

        <anonymous>

        nb : hey madduck
        On Monday, 04 October 2010 at 20:44 +0200, martin f krafft wrote:
        > thus spoke Charles Marcus <CMarcus@...> [2010.10.04.2029 +0200]:
        > > > Yes, with my IP.
        > >
        > > So your server is hacked?
        >
        > I am talking about the argument to HELO/EHLO. No, my server is not
        > hacked.
        >
        --
        http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7


        gpg --keyserver pgp.mit.edu --recv-key 092164A7
      • Jeroen Geilman
        Message 3 of 21 , Oct 4, 2010
          On 10/04/2010 08:31 PM, Ralf Hildebrandt wrote:
          > * Jeroen Geilman<jeroen@...>:
          >
          >> The real client IP ? That can't be trivially spoofed, and so would
          >>>> actually BE your server.
          >>>>
          >>> I have seen clients who apparently connect to my MX with the IP and
          >>> then send the IP after HELO.
          >>>
          >> With YOUR IP ? That's highly unlikely, to the point of unbelievability.
          >>
          > I've seen those as well; not from within my networks, but yes. I've
          > seen them!
          >
          >

          The OP says in so many words that he sees connections WITH HIS IP: "who
          apparently connect to the MX *with the IP*"

          This does not happen.
        • mouss
          Message 4 of 21 , Oct 4, 2010
            On 04/10/2010 17:49, martin f krafft wrote:
            > thus spoke Noel Jones<njones@...> [2010.10.04.0507 +0200]:
            >> Lots easier to just use
            >> /^myhostname(\.mydomain)?$/ REJECT don't use my hostname
            > Thanks to everyone who responded. I am now going the suggested way.
            >
            > However, it occurs to me that this is something postfix could be
            > trivially doing itself, e.g.
            >
            > smtpd_helo_restrictions =
            > […]
            > reject_my_hostname
            > reject_my_ipaddress
            >
            > since it has those data available. Is this something worth pursuing?

            not really, except in your apparently simple environment. I have a lot
            more IPs that I would include in the check, that postfix has no idea
            where they come from. and besides, I didn't see that check catch
            anything that isn't caught by other more effective checks. so I removed
            the call to the map.
          • mouss
            Message 5 of 21 , Oct 4, 2010
              On 04/10/2010 21:10, Jeroen Geilman wrote:
              > On 10/04/2010 08:31 PM, Ralf Hildebrandt wrote:
              >> * Jeroen Geilman<jeroen@...>:
              >>> The real client IP ? That can't be trivially spoofed, and so would
              >>>>> actually BE your server.
              >>>> I have seen clients who apparently connect to my MX with the IP and
              >>>> then send the IP after HELO.
              >>> With YOUR IP ? That's highly unlikely, to the point of unbelievability.
              >> I've seen those as well; not from within my networks, but yes. I've
              >> seen them!
              >>
              >
              > The OP says in so many words that he sees connections WITH HIS IP:
              > "who apparently connect to the MX *with the IP*"
              >
              > This does not happen.
              >
              >

              OP talks about clients helo'ing with his IP, not connections coming from
              someone who spoofed his IP.
            • Stan Hoeppner
              Message 6 of 21 , Oct 4, 2010
                Jeroen Geilman put forth on 10/4/2010 2:10 PM:

                > The OP says in so many words that he sees connections WITH HIS IP: "who
                > apparently connect to the MX *with the IP*"
                >
                > This does not happen.

                Is this remotely plausible if he's behind a really funky NAT/masquerade?

                I've seen some junk quality NAT boxes present the inside private NAT
                address as the remote client host address after translation, but I've
                never seen one that presented the internal host's address to itself as
                the remote client address.

                --
                Stan
              • Jeroen Geilman
                Message 7 of 21 , Oct 6, 2010
                  On 10/04/2010 10:55 PM, mouss wrote:
                  > On 04/10/2010 21:10, Jeroen Geilman wrote:
                  >> On 10/04/2010 08:31 PM, Ralf Hildebrandt wrote:
                  >>> * Jeroen Geilman<jeroen@...>:
                  >>>> The real client IP ? That can't be trivially spoofed, and so would
                  >>>>>> actually BE your server.
                  >>>>> I have seen clients who apparently connect to my MX with the IP and
                  >>>>> then send the IP after HELO.
                  >>>> With YOUR IP ? That's highly unlikely, to the point of
                  >>>> unbelievability.
                  >>> I've seen those as well; not from within my networks, but yes. I've
                  >>> seen them!
                  >>>
                  >>
                  >> The OP says in so many words that he sees connections WITH HIS IP:
                  >> "who apparently connect to the MX *with the IP*"
                  >>
                  >> This does not happen.
                  >>
                  >>
                  >
                  > OP talks about clients helo'ing with his IP, not connections coming
                  > from someone who spoofed his IP.
                  >
                  >

                  Well excuse me, again, but he obviously did.

                  Re-quoting: "I have seen clients who apparently connect to my MX with
                  the IP "

                  How does that translate to anything else than what I said ?

                  --
                  J.