 

How to allow mail relay only for the correct auth id + From: + Sender: combination?

  • jayesh shinde
    Message 1 of 6 , Jun 6, 2013
      Hi ,

      I am using postfix-2.9.4-1.rhel5.x86_64 and smtplogin maps with the auth feature, which is working properly.
      Below is the working config from main.cf:

      smtpd_sender_login_maps = hash:/etc/postfix/smtploginmaps

      smtpd_sender_restrictions =
         permit_mynetworks,
        reject_sender_login_mismatch

      This is working properly: when the sender auth and From: differ, such emails get rejected properly, i.e. it forces the auth ID and From: address to always be the same.

      But nowadays a few of my users who are using MS Outlook 2007 have started sending emails with a different From: address, and this is creating problems.
      MS Outlook has a feature where the end user can use anyone else's email ID in From:. For example, see "Delegation - Sending Email 'On Behalf Of'" on http://isservices.tcd.ie/email/exchange-outlook-usage.php .

      When an end user sends email like this, the above smtpd_sender_login_maps setting does not work. For more details, see the headers below in 2 different conditions.


      1) Header, when the email is sent as normal:
      ---------------------------------------------------
      X-Envelope-From: <user1@...>

      Received: from user1 (unknown [10.14.13.20])
        (Authenticated sender: user1@...)
        by insmtp.example.com (Postfix) with ESMTPA id 6EF8A18D47AF
        for <jayesh.shinde@...>; Wed,  5 Jun 2013 17:01:35 +0530 (IST)

      From: "Firstname lastname" <user1@...>
      To: <jayesh.shinde@...>
      Subject: Normal email
      Date: Wed, 5 Jun 2013 17:01:39 +0530



      2) Header, when the sender sent the email with a different From: address:
      ------------------------------------------------------------------------------

      X-Envelope-From: <user1@...>

      Received: from user1 (unknown [10.14.13.20])

        (Authenticated sender: user1@...)
        by insmtp.example.com (Postfix) with ESMTPA id 4C52418D47D2
        for <jayesh.shinde@...>; Wed,  5 Jun 2013 17:03:32 +0530 (IST)

      From: "Firstname lastname" <forged-id@...>
      Sender: "Firstname lastname" <user1@...>
      To: <jayesh.shinde@...>
      Subject:  Sending with forged ID
      Date: Wed, 5 Jun 2013 17:03:36 +0530

      As you can see above, the From: and Sender: are different.

      How do I control such forged emails at the postfix level? Is there any option in main.cf which can control this?
      Or do I need to use some content filter to check this?

      How do I make sure SMTP relay is allowed only for the matching auth id + From: + Sender: ID combination?

      Please guide and suggest.

      Thanks

      Jayesh Shinde

      
      



    • Noel Jones
      Message 2 of 6 , Jun 6, 2013
        On 6/6/2013 3:47 AM, jayesh shinde wrote:
        > But now a days few of my users who are using the MS Outlook 2007
        > are start sending the emails by changing the different From:
        > address and creating problem.
        > The MS outlook have the feature where end user can use any other's
        > email id in From: For Example see this Delegation - Sending Email
        > 'On Behalf Of' on
        > http://isservices.tcd.ie/email/exchange-outlook-usage.php .

        Postfix has no mechanism to verify the contents of the From: header.

        I suppose you could get all BOFH about it and use header_checks to
        remove the From: header, and let postfix replace it with the sender
        address. But this isn't a good idea.


        -- Noel Jones
      • jayesh shinde
        Message 3 of 6 , Jun 6, 2013
          Hi ,

          Is there any alternative way to stop this if a spammer or virus-infected machine starts sending such emails?
          Due to this Outlook "On Behalf of" option, one of our end users created the noise. This option causes confusion when the end recipient receives the emails and replies to them.

          I came to know that in Exchange this can be controlled from the server side.

          How are the other experts handling this kind of issue from the server side? I am searching for the option by which postfix will allow SMTP relay only if auth id + From: + Sender: are the same.


          Regards
          Jayesh Shinde

           

          On 06/06/2013 06:20 PM, Noel Jones wrote:
          On 6/6/2013 3:47 AM, jayesh shinde wrote:
          
          But now a days few of my users who are using the MS Outlook 2007 
          are start  sending the emails by changing the different  From:
          address and creating problem.
          The MS outlook have the feature where end user can use any other's
          email id in From:   For Example see  this Delegation - Sending Email
          'On Behalf Of' on
          http://isservices.tcd.ie/email/exchange-outlook-usage.php   .
          
          Postfix has no mechanism to verify the contents of the From: header.
          
          I suppose you could get all BOFH about it and use header_checks to
          remove the From: header, and let postfix replace it with the sender
          address.  But this isn't a good idea.
          
          
            -- Noel Jones
          

        • Wietse Venema
          Message 4 of 6 , Jun 6, 2013
            jayesh shinde:
            > Hi ,
            >
            > Is there any alternative , how to stop if spammer / virus infected
            > machine start sending such emails.
            > Due to this outlook's "On Behalf of" option , one of our end user
            > created the noise. This option makes confusion , when the end
            > recipient receive the emails and reply it.
            >
            > I came to know in exchange this can be control from server side.
            >
            > How the other experts are handling this kind of issue from server side.
            > I am searching the option by which postfix will allow SMTP relay only
            > if auth id + From: + Sender: are same.

            Rate limit your mail clients, so that they cannot send large amounts
            of email when they become infected. Then, you have less cleaning
            up to do.

            http://www.postfwd.org/
            http://www.policyd.org/

            Wietse
          • Ron Scott-Adams
            Message 5 of 6 , Jun 6, 2013
              IMHO, preventing emails with differing from and sender values is contradictory to valid usage of email. You are better off rate-limiting, as was already suggested, and employing better mail content analysis through policy servers.


              Ron Scott-Adams
              ron@...
              "We are stuck with technology when what we really want is just stuff that works." (Douglas Adams)





              On Jun 6, 2013, at 10:37 , wietse@... (Wietse Venema) wrote:

              > jayesh shinde:
              >> Hi ,
              >>
              >> Is there any alternative , how to stop if spammer / virus infected
              >> machine start sending such emails.
              >> Due to this outlook's "On Behalf of" option , one of our end user
              >> created the noise. This option makes confusion , when the end
              >> recipient receive the emails and reply it.
              >>
              >> I came to know in exchange this can be control from server side.
              >>
              >> How the other experts are handling this kind of issue from server side.
              >> I am searching the option by which postfix will allow SMTP relay only
              >> if auth id + From: + Sender: are same.
              >
              > Rate limit your mail clients, so that they cannot send large amounts
              > of email when they become infected. Then, you have less cleaning
              > up to do.
              >
              > http://www.postfwd.org/
              > http://www.policyd.org/
              >
              > Wietse
            • Bill Cole
              Message 6 of 6 , Jun 6, 2013
                On 6 Jun 2013, at 9:33, jayesh shinde wrote:

                > Hi ,
                >
                > Is there any alternative , how to stop if spammer / virus infected
                > machine start sending such emails.
                > Due to this outlook's "On Behalf of" option , one of our end user
                > created the noise. This option makes confusion , when the end
                > recipient receive the emails and reply it.
                >
                > I came to know in exchange this can be control from server side.
                >
                > How the other experts are handling this kind of issue from server
                > side. I am searching the option by which postfix will allow SMTP
                > relay only if auth id + From: + Sender: are same.

                Postfix itself delegates complex policy enforcement to add-on software.
                For policies that require examination of message data (including
                headers) beyond the very simple header_checks and body_checks
                mechanisms, you can use any of the mechanisms documented in these files
                that are part of the standard distribution and also are on the
                postfix.org website:

                FILTER_README: The "After-Queue" filter interface
                SMTPD_PROXY_README: The "Before-Queue" filter interface
                MILTER_README: The "Milter" interface (using the Sendmail-originated
                Milter protocol)

                As an immigrant from the Sendmail world, I have continued the MIMEDefang
                Milter with Postfix for many years and haven't had any motivation to
                switch. It would be easy to write the code for MIMEDefang to implement
                your policy, if you have basic Perl competency. It is more common in the
                Postfix world to use the amavisd-new filter, which I believe can use
                either of the Postfix native interfaces and could be used to enforce
                your policy. Both of those are commonly used as aggregators of other
                packaged tools like anti-virus and anti-spam filters. Other Postfix
                filters are available and it isn't unreasonable to consider writing your
                own special-purpose filter for either of the native interfaces if you
                have a good understanding of SMTP/RFC822 mail. I can't recommend writing
                a Postfix filter to the Milter interface unless you have a need to hook
                the same software into Sendmail.
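
The policy asked for in this thread (relay only when the SASL login owns the addresses in From: and Sender:) reduces to a header check that a content filter can run. The sketch below is an added example, not code from any poster or from Postfix, MIMEDefang or amavisd-new. It assumes a table in the same "address, owning logins" layout as smtpd_sender_login_maps; the function names, the example.com addresses and the sample messages are constructed for illustration, and obtaining the SASL login from the filter interface is not shown.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed table: header address -> SASL logins allowed to use it.
LOGIN_MAP_TEXT = """\
# address              owning logins
user1@example.com      user1@example.com
sales@example.com      user1@example.com, user2@example.com
"""

# Constructed messages modelled on the two header samples in the thread.
NORMAL = 'From: "Firstname lastname" <user1@example.com>\nSubject: Normal email\n\nbody\n'
FORGED = ('From: "Firstname lastname" <forged-id@example.com>\n'
          'Sender: "Firstname lastname" <user1@example.com>\n'
          'Subject: Sending with forged ID\n\nbody\n')

def parse_login_map(text):
    """Parse 'address  login[, login...]' lines into {address: {logins}}."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # skip blanks, comments and entries with no owner
        owners = parts[1].replace(",", " ").split()
        table[parts[0].lower()] = {o.lower() for o in owners}
    return table

def check_headers(sasl_login, raw_message, login_map):
    """Return (action, reason); action is 'accept' or 'reject'."""
    msg = message_from_string(raw_message)
    login = sasl_login.lower()
    for header in ("From", "Sender"):
        values = msg.get_all(header, [])
        if header == "From" and not values:
            return "reject", "missing From: header"
        # Every address in the header must be owned by the login,
        # including each mailbox of a multi-address From:.
        for _name, addr in getaddresses(values):
            if login not in login_map.get(addr.lower(), set()):
                return "reject", f"{header}: {addr} not owned by {sasl_login}"
    return "accept", "all header addresses owned by login"

if __name__ == "__main__":
    table = parse_login_map(LOGIN_MAP_TEXT)
    for sample in (NORMAL, FORGED):
        print(check_headers("user1@example.com", sample, table))
```

Listing a shared address such as sales@example.com under several logins keeps legitimate "On Behalf Of" delegation working while a From: address outside the table is refused.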