
rejecting forged emails

  • Vernon A. Fort
    Message 1 of 6, Apr 1 9:22 AM
      I'm trying to find a way to block/reject inbound messages forging our
      internal email addresses. Meaning there are inbound messages using MY email
      address but they're not originating from my server.

      I cannot seem to find the correct solution. Anyone?

      Vernon
    • Drizzt
      Message 2 of 6, Apr 1 9:36 AM
        On 2011-04-01 11:22:04 (-0500), Vernon A. Fort <vfort@...> wrote:
        > I'm trying to find a way to block/reject inbound messages forging our
        > internal email addresses. Meaning there are inbound messages using MY email
        > address but they're not originating from my server.
        >
        > I cannot seem to find the correct solution. Anyone?
        >
        > Vernon
        >

        With restriction classes you can drop this spoofing.
        Key is to first separate your own server(s) (e.g. by giving them an OK
        before this check). Afterwards if the sender-domain matches any of your
        domains it must be spoofing (as only external servers reach this check)
        and you can just reject it.
      • Noel Jones
        Message 3 of 6, Apr 1 11:17 AM
          On 4/1/2011 11:36 AM, Drizzt wrote:
          > On 2011-04-01 11:22:04 (-0500), Vernon A. Fort<vfort@...> wrote:
          >> I'm trying to find a way to block/reject inbound messages forging our
          >> internal email addresses. Meaning there are inbound messages using MY email
          >> address but they're not originating from my server.
          >>
          >> I cannot seem to find the correct solution. Anyone?
          >>
          >> Vernon
          >>
          >
          > With restriction classes you can drop this spoofing.
          > Key is to first separate your own server(s) (e.g. by giving them an OK
          > before this check). Afterwards if the sender-domain matches any of your
          > domains it must be spoofing (as only external servers reach this check)
          > and you can just reject it.
          >
          >
          >

          No need for a restriction class. Just blacklist your own
          domain after permit_mynetworks, permit_sasl_authenticated.

          Note: this may reject a small amount of legit mail.

          a quick example:

          # main.cf
          smtpd_recipient_restrictions =
              permit_mynetworks
              # NOTE: remove the next line if not using SASL
              permit_sasl_authenticated
              reject_unauth_destination
              check_sender_access hash:/etc/postfix/sender_access
              ... other local checks ...


          # sender_access
          # replace example.com with your own domain name
          example.com REJECT only authorized senders may use this address


          remember to execute "postfix reload" after editing main.cf.
          remember to execute "postmap sender_access" after editing it.




          -- Noel Jones
        • Vernon A. Fort
          Message 4 of 6, Apr 1 11:33 AM
            On Fri, 2011-04-01 at 13:17 -0500, Noel Jones wrote:
            > On 4/1/2011 11:36 AM, Drizzt wrote:
            > > On 2011-04-01 11:22:04 (-0500), Vernon A. Fort<vfort@...> wrote:
            > >> I'm trying to find a way to block/reject inbound messages forging our
            > >> internal email addresses. Meaning there are inbound messages using MY email
            > >> address but they're not originating from my server.
            >
            > a quick example:
            >
            > # main.cf
            > smtpd_recipient_restrictions =
            >     permit_mynetworks
            >     # NOTE: remove the next line if not using SASL
            >     permit_sasl_authenticated
            >     reject_unauth_destination
            >     check_sender_access hash:/etc/postfix/sender_access
            >     ... other local checks ...
            >
            > -- Noel Jones

            This checks the envelope sender, correct? The Return-path: is an
            external address. It's the From: in the message header I am battling
            with. I assume it's a header_check but it would have to be some form of
            IF <my address> AND NOT received from mynetworks, REJECT.

            It's spam and the FROM and TO are identical, i.e. from me and to me.

            Vernon
          • Jerry
            Message 5 of 6, Apr 1 11:49 AM
              On Fri, 01 Apr 2011 13:33:15 -0500
              Vernon A. Fort <vfort@...> articulated:

              > On Fri, 2011-04-01 at 13:17 -0500, Noel Jones wrote:
              > > On 4/1/2011 11:36 AM, Drizzt wrote:
              > > > On 2011-04-01 11:22:04 (-0500), Vernon A.
              > > > Fort<vfort@...> wrote:
              > > >> I'm trying to find a way to block/reject inbound messages
              > > >> forging our internal email addresses. Meaning there are inbound
              > > >> messages using MY email address but they're not originating from
              > > >> my server.
              > >
              > > a quick example:
              > >
              > > # main.cf
              > > smtpd_recipient_restrictions =
              > >     permit_mynetworks
              > >     # NOTE: remove the next line if not using SASL
              > >     permit_sasl_authenticated
              > >     reject_unauth_destination
              > >     check_sender_access hash:/etc/postfix/sender_access
              > >     ... other local checks ...
              > >
              > > -- Noel Jones
              >
              > This checks the envelope sender, correct? The Return-path: is an
              > external address. It's the From: in the message header I am battling
              > with. I assume it's a header_check but it would have to be some form of
              > IF <my address> AND NOT received from mynetworks, REJECT.
              >
              > It's spam and the FROM and TO are identical, i.e. from me and to me.

              I have used "postfwd" to alleviate that problem.

              http://postfwd.org/

              --
              Jerry ✌
              postfix-user@...
              _____________________________________________________________________
              TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
              TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
            • Noel Jones
              Message 6 of 6, Apr 1 12:08 PM
                On 4/1/2011 1:33 PM, Vernon A. Fort wrote:
                > On Fri, 2011-04-01 at 13:17 -0500, Noel Jones wrote:
                >> On 4/1/2011 11:36 AM, Drizzt wrote:
                >>> On 2011-04-01 11:22:04 (-0500), Vernon A. Fort<vfort@...> wrote:
                >>>> I'm trying to find a way to block/reject inbound messages forging our
                >>>> internal email addresses. Meaning there are inbound messages using MY email
                >>>> address but they're not originating from my server.
                >>
                >> a quick example:
                >>
                >> # main.cf
                >> smtpd_recipient_restrictions =
                >>     permit_mynetworks
                >>     # NOTE: remove the next line if not using SASL
                >>     permit_sasl_authenticated
                >>     reject_unauth_destination
                >>     check_sender_access hash:/etc/postfix/sender_access
                >>     ... other local checks ...
                >>
                >> -- Noel Jones
                >
                > This checks the envelope sender, correct? The Return-path: is an
                > external address. It's the From: in the message header I am battling
                > with. I assume it's a header_check but it would have to be some form of
                > IF <my address> AND NOT received from mynetworks, REJECT.
                >
                > It's spam and the FROM and TO are identical, i.e. from me and to me.
                >
                > Vernon
                >

                No, checking the From: header will have a very high false
                positive rate, such as your posts to this and other mail lists.

                You can use something like that in SpamAssassin as a
                low-scoring rule or part of a meta rule that matches other
                spam signs.



                -- Noel Jones
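
An added example, not part of any poster's message and not Postfix code: a small Python model of the restriction list from message 3, run over constructed SMTP sessions to show which ones it rejects and why a forged From: header sent with an external envelope sender passes it, exactly like a mailing-list post. The networks, addresses and the simplified table lookup are assumptions.

```python
import ipaddress

# Constructed values (not from the thread, apart from its example.com placeholder).
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"example.com"}  # domains this server accepts mail for
SENDER_ACCESS = {"example.com": "REJECT only authorized senders may use this address"}


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def sender_lookup(address):
    """Simplified access(5) lookup: full address first, then its domain."""
    return SENDER_ACCESS.get(address.lower()) or SENDER_ACCESS.get(domain_of(address))


def evaluate(client_ip, sasl_user, mail_from, rcpt_to, header_from=None):
    """Walk the restriction list in order; the first decisive result wins.

    header_from is accepted only to show that it plays no part: these checks
    run at RCPT TO, before the client has sent any message headers.
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS):
        return ("PERMIT", "permit_mynetworks")
    if sasl_user:
        return ("PERMIT", "permit_sasl_authenticated")
    if domain_of(rcpt_to) not in LOCAL_DOMAINS:
        return ("REJECT", "reject_unauth_destination")
    if (sender_lookup(mail_from) or "").startswith("REJECT"):
        return ("REJECT", "check_sender_access")
    return ("DUNNO", "other local checks")


CASES = {  # name: (client_ip, sasl_user, MAIL FROM, RCPT TO, From: header)
    "internal client": ("192.0.2.10", None, "vernon@example.com", "bob@example.com", None),
    "authenticated remote user": ("203.0.113.7", "vernon", "vernon@example.com", "bob@example.com", None),
    "forged envelope sender": ("203.0.113.7", None, "vernon@example.com", "vernon@example.com", None),
    "forged From: header only": ("203.0.113.7", None, "x@spam.invalid", "vernon@example.com", "vernon@example.com"),
    "mailing list post": ("198.51.100.9", None, "bounce@lists.invalid", "vernon@example.com", "vernon@example.com"),
    "own user, no auth, outside": ("198.51.100.9", None, "vernon@example.com", "bob@example.com", None),
}

if __name__ == "__main__":
    for name, args in CASES.items():
        print(f"{name:28} -> {evaluate(*args)}")
```

The last case is one illustration, chosen here, of legitimate mail the sender_access entry rejects: a real user of the domain submitting from outside without authenticating.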