On 10/18/2012 8:59 PM, Steven Kiehl wrote:
> This is great information on some options I should look into
> further, however adding the "smtpd_reject_unlisted_sender"
> option doesn't seem to eliminate the problem.

[This is OT for the dovecot list, and my last post in this thread. Please send all followups to the appropriate postfix, amavisd-new, or spamassassin list in consideration of other list members. Thank you.]

smtpd_reject_unlisted_sender works with the envelope address; this option has no effect on headers.

> What these spammers are doing is forging the "from" header to be
> a full address like "account...@mydomain.com"

Possible, but I doubt it. The only way you'll ever see the more likely original "From: accounting" header is by running postfix in debug mode (which is not recommended) or by using a tcp sniffer in front of postfix.

That's why I recommend setting "remote_header_rewrite_domain = domain.invalid". Also, this setting requires a non-ancient postfix, but I don't remember which version; if it shows up in "postconf -n" output, you're OK.

> and they are sending to a real address like
> "webmas...@mydomain.com". So even
> if the envelope sender is valid or coming from an outside domain,
> the visible originating from address is invalid and is in my own
> domain. And I'm absolutely positive any mail received from these
> forged from addresses are spam that shouldn't even be delivered.

If there are a few frequently-abused addresses, you can add them to a header_checks rule. But don't get too tied up in whack-a-mole header_checks; that's a great time waster for limited benefit.

> This is also complicated further by the use of virtual domains and
> virtual alias mapping (all sql based) in the Postfix
> configuration. Some of my problem may be that Postfix might not
> be able to get a comprehensive list of valid mailboxes and aliases
> to deliver to the virtual transport. I've tried to define the
> virtual mailbox maps, but every time I do that the aliases stop
> working.

If your postfix is not able to properly validate recipients, you should ask about that on the postfix list. That is a serious problem.
http://www.postfix.org/DEBUG_README.html#mail

The point you're missing is that there is no way to validate the From: header. Look at other features of the unwanted mail for ways to reject it.

--
Noel Jones
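
The distinction drawn in the reply above, as an added example that is not part of the original post and is not Postfix code: a simplified Python model of an envelope-only sender check next to the effect of a header rewrite domain on an incomplete `From:` address. The domains, addresses, sample message and function names are all constructed assumptions.

```python
"""Added illustration: envelope sender vs. From: header (a model, not Postfix code)."""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data; every name and address here is an assumption.
LOCAL_DOMAINS = {"mydomain.example"}
VALID_LOCAL = {"webmaster@mydomain.example"}
ENVELOPE_SENDER = "bounce@sender.example"   # what the client gave in SMTP MAIL FROM
RAW_MESSAGE = (
    "From: accounting\n"                    # incomplete (domain-less) header address
    "To: webmaster@mydomain.example\n"
    "Subject: invoice\n"
    "\n"
    "body\n"
)


def unlisted_sender_rejects(envelope_sender):
    """Model of smtpd_reject_unlisted_sender: it looks at the envelope only.

    Rejects when the sender's domain is one of ours but the address is unknown.
    """
    domain = envelope_sender.rpartition("@")[2].lower()
    return domain in LOCAL_DOMAINS and envelope_sender.lower() not in VALID_LOCAL


def header_from(raw_message, rewrite_domain=""):
    """Return the From: header address as the recipient would see it.

    Models remote_header_rewrite_domain: when it is non-empty, that domain is
    appended to an incomplete header address; complete addresses are untouched.
    """
    addr = parseaddr(message_from_string(raw_message)["From"])[1]
    if "@" not in addr and rewrite_domain:
        addr = f"{addr}@{rewrite_domain}"
    return addr


if __name__ == "__main__":
    # The outside envelope sender passes, whatever the From: header says.
    print("envelope check rejects:", unlisted_sender_rejects(ENVELOPE_SENDER))
    print("header, no rewrite domain:", header_from(RAW_MESSAGE))
    print("header, domain.invalid:", header_from(RAW_MESSAGE, "domain.invalid"))
    # A forged envelope sender in our own domain is what the option does catch.
    print("forged local envelope:", unlisted_sender_rejects("accounting@mydomain.example"))
```

With the rewrite domain set, the incomplete header shows up as `accounting@domain.invalid` rather than as an address in the local domain, which makes such mail easy to recognise.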