Hi All, I am getting a lot of spam with forged addresses in the From: header. They are forging it with our domain addresses. Here is an example:

Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.us-reports.com (Postfix) with ESMTP id 391E716C11F
    for <[EMAIL PROTECTED]>; Thu, 4 Dec 2008 08:40:55 -0700 (MST)
X-Virus-Scanned: amavisd-new at us-reports.com
Received: from mail.us-reports.com ([127.0.0.1])
    by localhost (mail.us-reports.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id dBAU+DdeGeQd
    for <[EMAIL PROTECTED]>; Thu, 4 Dec 2008 08:40:50 -0700 (MST)
Received: from 88-109-126-174.dynamic.dsl.as9105.com (88-109-126-174.dynamic.dsl.as9105.com [88.109.126.174])
    by mail.us-reports.com (Postfix) with SMTP id 4541F16C135
    for <[EMAIL PROTECTED]>; Thu, 4 Dec 2008 08:40:35 -0700 (MST)
To: <[EMAIL PROTECTED]>
Subject: Your Order
From: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Importance: High
Content-Type: text/html
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 4 Dec 2008 08:40:35 -0700
Return-Path: [EMAIL PROTECTED]

Here is the result of postconf | grep restrict

[EMAIL PROTECTED] postfix]# postconf | grep restrict
smtpd_client_restrictions =
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions =
smtpd_etrn_restrictions =
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, check_helo_access hash:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_rbl_client sbl.spamhaus.org, reject_rbl_client list.dsbl.org, reject_unauth_pipelining, reject_unauth_destination
smtpd_restriction_classes =

***********************************************
/etc/postfix/sender_access

us-reports.com     554 SPAM
my.ip.add.res      554 SPAM

I tried setting up a header check that rejected anything from *. us-reports.com in the From: Obviously not a good thing to do as then no one internally could send mail.

Is there anything I can do that would say, If the From: address is *@us-reports.com and it is not from mynetworks then REJECT it? The check_sender_access option is working great for the MAIL FROM: header, but that isn't catching these other ones.

Thanks for any pointers on this.

Postfix version 2.2.10

Chris
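
The rule asked for above, written out as a content-filter style check over the message headers (an added example, not part of the original post and not a built-in Postfix feature). The function name, the `mynetworks` values and the sample mailbox are assumptions; the sample message is constructed from the headers shown in the post.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modeled on the post's headers; the mailbox name is made up.
SAMPLE = """\
Received: from localhost (localhost.localdomain [127.0.0.1])
 by mail.us-reports.com (Postfix) with ESMTP id 391E716C11F;
 Thu, 4 Dec 2008 08:40:55 -0700 (MST)
Received: from 88-109-126-174.dynamic.dsl.as9105.com
 (88-109-126-174.dynamic.dsl.as9105.com [88.109.126.174])
 by mail.us-reports.com (Postfix) with SMTP id 4541F16C135;
 Thu, 4 Dec 2008 08:40:35 -0700 (MST)
Subject: Your Order
From: <someone@us-reports.com>

(body)
"""

# Client IP and stamping host ("by ...") of one unfolded Received line.
HOP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)\s+by\s+(\S+)")

def header_from_verdict(raw, local_domain, mta_host, mynetworks):
    """REJECT when From: claims local_domain but our MTA took the mail from outside."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]
    if addr.rpartition("@")[2].lower() != local_domain:
        return "OK"                       # header From: is not our domain
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    seen = False
    for hop in msg.get_all("Received", []):
        m = HOP.search(" ".join(hop.split()))
        if not m or m.group(2).lower() != mta_host:
            continue                      # not stamped by our MTA: ignore, may be forged
        seen = True
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            return "REJECT"               # unparsable client address: fail closed
        if not any(ip in n for n in nets):
            return "REJECT"               # our MTA accepted this from an outside client
    return "OK" if seen else "REJECT"     # no hop of ours at all: cannot vouch for it

if __name__ == "__main__":
    nets = ["127.0.0.0/8", "192.0.2.0/24"]  # assumed mynetworks
    print(header_from_verdict(SAMPLE, "us-reports.com", "mail.us-reports.com", nets))
```

Only Received lines stamped by the local MTA are trusted, and any one of them showing an outside client is enough to reject, so a forged internal-looking hop added by the sender cannot mask the real entry hop.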