I had noticed his sending IP. Now, how do I prevent him from abusing my server? How is it possible he can send from my server when he's not in my_networks? Can I prevent him from spoofing the sender mail address?
I'm posting a bit from my main.cf, maybe I've got it wrong. Some pointers would be highly appreciated.

# ********** JUNK / SPAM Filtering OPTIONS **************************************
# The correct appearance here is:
# Header / Body restrictions
# Client hostname/ip restrictions
# HELO restrictions
# Sender Address restrictions
# Recipient restrictions (mail to)
# *******************************************************************************

# ***************** HEADER/BODY CHECKS *******************************************
# Note by Jaap : Here we could insert header, Mime header and body checks to block stuff from mail like
# Spamwords, links, certain types of extensions etc.
# We don't use this feature, we trust amavis to do this for us. man header_checks for more info -> ah an exception :
# some porn spammer we're trying to block with MIME headers :
# *********************************************************************************
mime_header_checks = regexp:/etc/postfix/mime_header_checks

# experiment with this option for security : allow_percent_hack
# Enable the rewriting of the form "user%domain" to "[EMAIL PROTECTED]". This is enabled by default.
allow_percent_hack = no

# this option will disable the verify command, used by some hackers
disable_vrfy_command = yes

# ***************** CLIENT RESTRICTIONS *******************************************
# Allow connections from trusted networks only.
smtpd_client_restrictions = permit_mynetworks, reject_unauth_pipelining
# *********************************************************************************

# ********************* HELO RESTRICTIONS *****************************************
# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_required = yes
reject_non_fqdn_helo_hostname = yes
reject_invalid_helo_hostname = yes
smtpd_helo_restrictions = permit_mynetworks,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    check_helo_access hash:/etc/postfix/helo_access
strict_rfc821_envelopes = yes
# ********************************************************************************

# ********************* SENDER RESTRICTIONS *****************************************
# Allow SMTP logins from these addresses :
# smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-sender-address-match.cf
# Don't accept mail from domains that don't exist, or are blacklisted
smtpd_sender_restrictions = permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/access_sender,
    reject_sender_login_mismatch,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit_mynetworks,
# ********************************************************************************

# ********************* RECIPIENT RESTRICTIONS *****************************************
smtpd_reject_unlisted_recipient = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    check_recipient_access hash:/etc/postfix/access_recipient,
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zombie.dnsbl.sorbs.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client multihop.dsbl.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client all.spamrats.com
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client proxies.blackholes.wirehub.net,
    reject_rbl_client ix.dnsbl.manitu.net,
    permit
# experimented with cluebringer (policyd v2.x) but it had problems, had some DB issues (slowness MSQL) with the old
# check_policy_service inet:127.0.0.1:10031
# check_policy_service inet:127.0.0.1:10033
# ********************************************************************************
smtpd_data_restrictions = reject_unauth_pipelining

-----Original Message-----
From: Wietse Venema [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 11, 2008 10:07 AM
To: Jaap Westerbeek
Cc: postfix-users@postfix.org
Subject: Re: Spammers abusing my postfix box

Jaap Westerbeek:
> Received: from User (unknown [64.129.70.219])
>       by mail01.cq-link.sr (Postfix) with ESMTP id D8AFD5F4526;
>       Fri, 7 Nov 2008 18:55:47 -0300 (SRT)

There's your spammer.

        Wietse
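
Added example, not part of the original thread and not code from Postfix or either poster: a small Python check that reads the client Postfix recorded in a Received header, as in the header quoted above, and reports whether it falls inside mynetworks. The MYNETWORKS list is a constructed stand-in, since the post does not show the real value; the function names are hypothetical.

```python
import ipaddress
import re

# Postfix records the client as: from <HELO> (<reverse DNS or "unknown"> [<IP>])
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)"
)

# Assumption: constructed stand-in for the server's mynetworks setting.
MYNETWORKS = ["127.0.0.0/8", "192.0.2.0/24"]

# The Received header quoted in the thread.
SAMPLE = (
    "Received: from User (unknown [64.129.70.219])\n"
    "\tby mail01.cq-link.sr (Postfix) with ESMTP id D8AFD5F4526;\n"
    "\tFri, 7 Nov 2008 18:55:47 -0300 (SRT)"
)


def parse_received(header):
    """Return (helo, rdns, ip) from a Postfix-style Received header, or None."""
    # Headers may be folded across lines; unfold before matching.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)
    m = RECEIVED_RE.search(unfolded)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    return m.group("helo"), m.group("rdns"), ip


def classify(header, mynetworks=MYNETWORKS):
    """Describe the recorded client relative to the given networks."""
    parsed = parse_received(header)
    if parsed is None:
        return "unparsed"
    helo, rdns, ip = parsed
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    if any(ip.version == n.version and ip in n for n in nets):
        return "inside mynetworks"
    flags = []
    if rdns == "unknown":
        flags.append("no reverse DNS")
    if "." not in helo:
        flags.append("non-FQDN HELO")
    return "outside mynetworks" + (": " + ", ".join(flags) if flags else "")


if __name__ == "__main__":
    print(classify(SAMPLE))
```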