
Re: block spam mail from lan

  • Pol Hallen
    Message 1 of 8 , May 11, 2013
      > And the most effective countermeasure to spam originating from devices
      > on the LAN has nothing to do with Postfix. As most spamware in the wild
      > today still attempts to send direct-to-MX, simply creating a TCP 25
      > egress filter at your edge router/firewall will give the best bang for
      > the buck. This simply means creating a rule to drop all outbound TCP 25
      > connections except those originating from the IP of your Postfix MTA.

      I don't understand.

      Situation: A real user using browser connect to squirrelmail and send a
      mail. It's ok.

      But if this user create a mail bomb using squirrelmail how way to spam I
      can have this problem.

      If a drop port 25, user can send any mail.

      Or tell me what I don't understand.

      Thanks!
    • lists@rhsoft.net
      Message 2 of 8 , May 11, 2013
        On 11.05.2013 14:34, Pol Hallen wrote:
        > I don't understand.
        >
        > Situation: A real user using browser connect to squirrelmail and send a
        > mail. It's ok.
        >
        > But if this user create a mail bomb using squirrelmail how way to spam I
        > can have this problem

        well, nothing can really prevent you from bad users with valid logins
        you can only mitigate the amount of spam until you recognize what
        happens and you shut down the user account

        the problem with webmail and such limitations is that you have
        always the same client-ip and if the values are too low it
        affects users which are not responsible for spam

        so the solution is get rid of untrustable users and/or force
        them at least to use a mail-client from their own IP/machine

        anvil_rate_time_unit = 1800s
        smtpd_client_connection_rate_limit = 50
        smtpd_client_recipient_rate_limit = 400
        smtpd_recipient_limit = 100
      • Benny Pedersen
        Message 3 of 8 , May 11, 2013
          Pol Hallen wrote on 2013-05-10 19:45:
          > Hi folks!
          >
          > I'm newbie and I study postfix
          >
          > What I should be use to (check) and block attempt spam from my lan to
          > internet?

          remove permit_mynetworks ?, so all need to use smtp auth via sasl, if
          you still see spam going out, you know what auth to close

          --
          senders that put my email into body content will deliver it to my own
          trashcan, so if you like to get reply, don't do it
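
Added example (not part of the message above and not Postfix's own tooling): once every sender has to authenticate, the Postfix log ties each queue ID to a sasl_username, so per-account recipient totals show which login to close. The log lines are constructed, and it is an assumption that the webmail front end authenticates to Postfix with each user's own credentials.

```shell
# Constructed sample in Postfix's smtpd/qmgr syslog format.
sample_log() {
    cat <<'EOF'
May 11 14:31:02 mail postfix/smtpd[2211]: 3A1F020C1: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=alice
May 11 14:31:02 mail postfix/qmgr[1010]: 3A1F020C1: from=<alice@example.org>, size=1820, nrcpt=2 (queue active)
May 11 14:33:10 mail postfix/smtpd[2214]: 7C22B20C4: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=mallory
May 11 14:33:10 mail postfix/qmgr[1010]: 7C22B20C4: from=<mallory@example.org>, size=950, nrcpt=100 (queue active)
May 11 14:33:12 mail postfix/smtpd[2214]: 7C9D120C7: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=mallory
May 11 14:33:12 mail postfix/qmgr[1010]: 7C9D120C7: from=<mallory@example.org>, size=950, nrcpt=100 (queue active)
May 11 15:03:12 mail postfix/qmgr[1010]: 7C9D120C7: from=<mallory@example.org>, size=950, nrcpt=100 (queue active)
EOF
}

# flag_senders LIMIT < maillog
# Prints "username recipients" for every SASL login whose accepted
# recipient total exceeds LIMIT.
flag_senders() {
    awk -v limit="$1" '
    / sasl_username=/ {
        # smtpd line: remember which login owns this queue ID
        qid = $6; sub(/:$/, "", qid)
        user = $0; sub(/.* sasl_username=/, "", user); sub(/[ ,].*/, "", user)
        owner[qid] = user
    }
    /postfix\/qmgr/ && / nrcpt=/ {
        qid = $6; sub(/:$/, "", qid)
        n = $0; sub(/.* nrcpt=/, "", n); sub(/[^0-9].*/, "", n)
        # qmgr logs the same line again on each retry: count a queue ID once
        if ((qid in owner) && !(qid in seen)) {
            seen[qid] = 1
            total[owner[qid]] += n
        }
    }
    END { for (u in total) if (total[u] > limit + 0) print u, total[u] }
    ' | sort
}

sample_log | flag_senders 150
```
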
        • Benny Pedersen
          Message 4 of 8 , May 11, 2013
            Stan Hoeppner wrote on 2013-05-10 21:25:
            > This simply means creating a rule to drop all outbound TCP 25
            > connections except those originating from the IP of your Postfix MTA.

            or make DNAT iptables rule so all outgoing port 25 will go to lan
            postfix server on port 25 not remote deliver to mx :)

            --
            senders that put my email into body content will deliver it to my own
            trashcan, so if you like to get reply, don't do it
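
Added example (not from the thread's authors): the port-25 egress filter quoted above and the DNAT alternative, written as a shell function that prints iptables rules for review rather than applying them. It assumes a Linux router forwarding for the LAN with the Postfix host on that same LAN; 192.0.2.10 and eth1 are placeholder values.

```shell
# port25_rules drop|redirect MTA_IP LAN_IF
# Prints the rules only, so they can be reviewed before being applied.
port25_rules() {
    mode=$1; mta_ip=$2; lan_if=$3
    case $mta_ip in
        ''|*[!0-9.]*) echo "bad MTA address: '$mta_ip'" >&2; return 1 ;;
    esac
    [ -n "$lan_if" ] || { echo "missing LAN interface" >&2; return 1; }

    # Port-25 traffic entering from the LAN that does not come from the MTA.
    match="-i $lan_if -p tcp --dport 25 ! -s $mta_ip"

    case $mode in
    drop)
        # Egress filter: log the offending host, then drop the connection.
        echo "iptables -A FORWARD $match -j LOG --log-prefix smtp-egress:"
        echo "iptables -A FORWARD $match -j DROP"
        ;;
    redirect)
        # DNAT variant: hand stray port-25 connections to the LAN Postfix.
        echo "iptables -t nat -A PREROUTING $match ! -d $mta_ip -j DNAT --to-destination $mta_ip:25"
        # Client and MTA share the LAN, so replies must come back through
        # the router or the client will reset the connection.
        echo "iptables -t nat -A POSTROUTING -o $lan_if -p tcp -d $mta_ip --dport 25 -j MASQUERADE"
        ;;
    *)
        echo "usage: port25_rules drop|redirect MTA_IP LAN_IF" >&2
        return 1
        ;;
    esac
}

# Placeholder values (constructed for this example).
port25_rules drop 192.0.2.10 eth1
port25_rules redirect 192.0.2.10 eth1
```

In redirect mode Postfix sees every redirected connection as coming from the router's address, so the originating host has to be identified from the router's side. If that address falls inside mynetworks and permit_mynetworks is still in place, Postfix will relay what arrives this way.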
          • Stan Hoeppner
            Message 5 of 8 , May 11, 2013
              On 5/11/2013 7:34 AM, Pol Hallen wrote:
              >> And the most effective countermeasure to spam originating from devices
              >> on the LAN has nothing to do with Postfix. As most spamware in the wild
              >> today still attempts to send direct-to-MX, simply creating a TCP 25
              >> egress filter at your edge router/firewall will give the best bang for
              >> the buck. This simply means creating a rule to drop all outbound TCP 25
              >> connections except those originating from the IP of your Postfix MTA.
              >
              > I don't understand.
              >
              > Situation: A real user using browser connect to squirrelmail and send a
              > mail. It's ok.
              >
              > But if this user create a mail bomb using squirrelmail how way to spam I
              > can have this problem.
              >
              > If a drop port 25, user can send any mail.
              >
              > Or tell me what I don't understand.

              It would probably be best at this point for you to describe your
              network, your mail usage scenario, so we can give you targeted
              responses. I.e. is this a

              1. typical office environment mail server
              2. SOHO or personal server
              3. university mail server
              4. ISP mail server

              --
              Stan