
Re: Spoofing problem

  • Noel Jones
    Message 1 of 5 , May 2, 2011
      On 5/2/2011 1:21 PM, R F wrote:
      > I thought I had this one fixed a while back but apparently
      > not. I want to reject emails like this that are sent from one
      > person but claim to be another. Ideas? Notice the first line
      > and the last line:
      >
      > From rseem@... <mailto:rseem@...> Sun May 1
      > 16:37:58 2011
      > Return-Path: <rseem@... <mailto:rseem@...>>

      [please post in plain text only next time]

      The above is the envelope sender. You can configure postfix
      to reject your own domain in the envelope sender from outside
      mail. See numerous posts on this in the archives.
      This will reject legit mail, but probably not a great amount.
      Pick your pain threshold.


      > From: <shara@... <mailto:shara@...>>,
      > <listserver@... <mailto:listserver@...>>,
      > <erik@... <mailto:erik@...>>,
      > <gammalist@... <mailto:gammalist@...>>
      >
      > Thanks for any ideas.

      This is the From: header, which is what is typically displayed
      when you read the mail.

      (and multiple addresses in the From: header are allowed,
      although unusual, but there should be a Sender: header if
      there are multiple From:)

      Fortunately, postfix has no feature to compare headers with
      envelope information. Such comparison will likely reject a
      great deal of legit mail (such as this message).

      You could probably convince SpamAssassin or some milter to do
      such comparison if you're determined, but that doesn't make it
      a good idea.

      Your efforts would be better spent on finding more reliable
      ways to detect spam. Browse the archives for ideas.



      -- Noel Jones
    • R F
      Message 2 of 5 , May 2, 2011
        >
        > The above is the envelope sender.  You can configure postfix to reject your own domain in the envelope sender from outside mail.  See numerous posts on this in the archives.
        > This will reject legit mail, but probably not a great amount.  Pick your pain threshold.

        That is probably something to try, unfortunately have tried google on
        this but I can't find anything but your post. Can you point me out
        something?
      • Noel Jones
        Message 3 of 5 , May 2, 2011
          On 5/2/2011 7:10 PM, R F wrote:
          >>
          >> The above is the envelope sender. You can configure postfix to reject your own domain in the envelope sender from outside mail. See numerous posts on this in the archives.
          >> This will reject legit mail, but probably not a great amount. Pick your pain threshold.
          >
          > That is probably something to try, unfortunately have tried google on
          > this but I can't find anything but your post. Can you point me out
          > something?

          The idea is to allow authorized users first -- mynetworks and
          SASL authenticated -- then reject anyone else using your
          domain as the sender. A bare-bones example:

          # main.cf
          smtpd_recipient_restrictions =
            permit_mynetworks
            # uncomment next line if you use SASL
            # permit_sasl_authenticated
            reject_unauth_destination
            check_sender_access hash:/etc/postfix/sender_access


          # sender_access
          my.example.com REJECT sender domain not authorized


          - remember to issue "postfix reload" after editing main.cf.
          - remember to "postmap sender_access" after editing it.



          -- Noel Jones
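
A small model of the restriction order described in the thread above, added here as an illustration; it is not part of any poster's message and is not Postfix code. The networks, addresses and the `evaluate`/`lookup_sender` helpers are constructed for the example, and the table lookup is a simplified version of access(5) matching (full address, then domain and parent domains).

```python
import ipaddress

# Constructed values for the example; substitute your own networks and domain.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
LOCAL_DOMAINS = {"my.example.com"}  # domains this server takes mail for
SENDER_ACCESS = {"my.example.com": "REJECT sender domain not authorized"}

def lookup_sender(sender):
    """Simplified access(5) lookup: full address, then domain, then parents."""
    sender = sender.lower()
    if sender in SENDER_ACCESS:
        return SENDER_ACCESS[sender]
    domain = sender.rpartition("@")[2]
    while domain:
        if domain in SENDER_ACCESS:
            return SENDER_ACCESS[domain]
        domain = domain.partition(".")[2]  # drop the leftmost label
    return None

def evaluate(client_ip, sasl_user, sender, recipient):
    """Walk the restrictions in the posted order; first decisive result wins."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS):
        return "permit: permit_mynetworks"
    if sasl_user:  # only relevant if permit_sasl_authenticated is uncommented
        return "permit: permit_sasl_authenticated"
    if recipient.rpartition("@")[2].lower() not in LOCAL_DOMAINS:
        return "reject: reject_unauth_destination"
    action = lookup_sender(sender)
    if action and action.upper().startswith("REJECT"):
        return "reject: check_sender_access"
    return "permit: end of restrictions"

# Constructed sessions: (client IP, SASL login or None, envelope sender, recipient)
SESSIONS = [
    ("192.0.2.10", None, "alice@my.example.com", "bob@other.example"),
    ("198.51.100.7", "alice", "alice@my.example.com", "bob@other.example"),
    ("203.0.113.5", None, "alice@my.example.com", "carol@my.example.com"),
    ("203.0.113.5", None, "dave@other.example", "carol@my.example.com"),
    ("203.0.113.5", None, "dave@other.example", "erin@third.example"),
]

if __name__ == "__main__":
    for s in SESSIONS:
        print(s, "->", evaluate(*s))
```

The third session is the case the table is meant to stop; the same path is taken by any legitimate outside system that uses the domain as envelope sender without authenticating, which is the rejected legit mail mentioned earlier in the thread.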