bijayant kumar wrote:
Bijayant Kumar
--- On Tue, 6/1/09, DJ Lucas <d...@lucasit.com> wrote:
From: DJ Lucas <d...@lucasit.com>
Subject: Re: Blocking Spam
To: "postfix" <postfix-users@postfix.org>
Date: Tuesday, 6 January, 2009, 6:34 AM
bijayant kumar wrote:
Hello list,
Nowadays we are getting lots of spam emails from our
own email-ids. I want to block this. I have tried to block
sender domains which are local and not doing smtp-auth.
While implementing this I came across a new problem: when I
rejected a spam coming from my own email-id from another
spam server, I got a Bounce-Notification message also. As the
account (my email id) is local, it is entitled to get the Bounce
Notification. How to overcome this issue? Any suggestion or
reading.
<SNIP>
I am trying to reject the mails which are coming from
a...@abc.com without smtp-authentication. It is being
rejected but the bounce message is getting delivered to
a...@abc.com as this domain and email is local. This is the
problem.
Bijayant Kumar
What is the source of the NDR (show headers if it is not you) and
why/how was the original message rejected (logs)?
I think I was not clear on my question. As we all know, spammers use our own
email address as the From address and spam like anything, right? In those
emails the From address and To address are both the same. So, I tried to block those
spams which are local and not doing smtp-authentication. I have tried to
simulate the scenario in my local testing environment.
I have created a test domain kavach.com and a user bijay...@kavach.com. I
telnetted to another postfix installation and tried to send emails from
bijay...@kavach.com to bijay...@kavach.com. What I observed is that the email is
rejected as desired because it was sent without smtp-authentication. But
bijay...@kavach.com also received the bounce-notification message, i.e.
undelivered mail returned to sender.
Postconf -n on test machine
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.5/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_sender_access hash:/etc/postfix/access_sender
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
cat /etc/postfix/access_sender
kavach.com REJECT
.kavach.com REJECT
Mail-Log
I sent a mail from another postfix installation
postfix/smtpd[14415]: connect from unknown[192.168.99.22]
postfix/smtpd[14415]: NOQUEUE: reject: RCPT from unknown[192.168.99.22]: 554 5.7.1
<bijay...@kavach.com>: Sender address rejected: Access denied; from=<bijay...@kavach.com>
to=<bijay...@kavach.com> proto=ESMTP helo=<test1.localdomain>
postfix/smtpd[14415]: disconnect from unknown[192.168.99.22]
postfix/smtpd[14415]: connect from unknown[192.168.99.22]
postfix/smtpd[14415]: 4C8ED7F68D: client=unknown[192.168.99.22]
postfix/cleanup[14421]: 4C8ED7F68D:
message-id=<20090106054312.37623df...@test1.localdomain>
postfix/qmgr[14308]: 4C8ED7F68D: from=<>, size=2520, nrcpt=1 (queue active)
postfix/smtpd[14415]: disconnect from unknown[192.168.99.22]
postfix/virtual[14422]: 4C8ED7F68D: to=<bijay...@kavach.com>, relay=virtual,
delay=0.05, delays=0.03/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Hope I am clear this time.
Unfortunately, you did not ask a question, but using the logs will help
the reader (me) to figure out what the question is. :-) Right now, it
is working perfectly as per your description. 192.168.99.22 is not the
final destination, nor is it responsible for the sender of the message,
but it accepted the message anyway, and sent it on to the final
destination. The destination correctly rejected it, as you configured
it to do. 192.168.99.22 received the 550 message and notified the
original sender (since it is not responsible for the sender, it notified
the server responsible for the sender with an NDR).
I think your question revolves around 192.168.99.22 sending a bounce
message. The short answer is that it is misconfigured, in that it
accepts mail that it should not accept. If you do not want your relay
server to bounce, then configure it not to accept messages from senders,
or to recipients, that it is not responsible for.
If I've got it backwards, and you simply do not want to receive bounce
messages, though it is generally considered a bad idea as it's against
RFC, you can filter on the empty envelope sender (<>). Standard
disclaimer: DON'T DO THAT! Somebody recently mentioned a DNSBL
(ips.backscatterers.org I think, search for it) to use as a conditional
aid, but that would do nothing about the 'problem' in this scenario, the
first server (internal server) relaying a message that it should not have.
-- DJ Lucas
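
Added example, not part of the original thread or of Postfix: a small log check that finds the pattern discussed above, where a client's RCPT is rejected and the same client then hands back a null-sender (`<>`) bounce that is delivered to the forged local address. The function name, addresses and IPs are constructed placeholders, and the parser assumes short hexadecimal queue IDs as in the thread's log excerpt.

```python
import re

# Constructed sample modelled on the log excerpt in the thread (placeholder data).
SAMPLE_LOG = """\
postfix/smtpd[14415]: connect from unknown[192.0.2.22]
postfix/smtpd[14415]: NOQUEUE: reject: RCPT from unknown[192.0.2.22]: 554 5.7.1 <user@example.com>: Sender address rejected: Access denied; from=<user@example.com> to=<user@example.com> proto=ESMTP helo=<relay.example.net>
postfix/smtpd[14415]: disconnect from unknown[192.0.2.22]
postfix/smtpd[14415]: 4C8ED7F68D: client=unknown[192.0.2.22]
postfix/cleanup[14421]: 4C8ED7F68D: message-id=<20090106054312.ABCDEF@relay.example.net>
postfix/qmgr[14308]: 4C8ED7F68D: from=<>, size=2520, nrcpt=1 (queue active)
postfix/virtual[14422]: 4C8ED7F68D: to=<user@example.com>, relay=virtual, delay=0.05, dsn=2.0.0, status=sent (delivered to maildir)
postfix/smtpd[14500]: 5D9FE8A79E: client=unknown[192.0.2.50]
postfix/qmgr[14308]: 5D9FE8A79E: from=<>, size=1800, nrcpt=1 (queue active)
postfix/virtual[14422]: 5D9FE8A79E: to=<other@example.com>, relay=virtual, delay=0.04, dsn=2.0.0, status=sent (delivered to maildir)
"""

# Assumption: short hex queue IDs (not enable_long_queue_ids).
REJECT = re.compile(r"NOQUEUE: reject: RCPT from \S*\[([^\]]+)\]: \d{3} .*? from=<([^>]*)> to=<")
CLIENT = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([^\]]+)\]")
FROM = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
TO = re.compile(r": ([0-9A-F]+): to=<([^>]*)>.*status=(\w+)")


def find_backscatter(log_text):
    """Return delivered null-sender messages whose client was earlier
    refused while using the recipient's own address as envelope sender."""
    rejected = set()     # (client IP, rejected envelope sender)
    client_of = {}       # queue id -> client IP
    null_sender = set()  # queue ids whose envelope sender is <>
    hits = []
    for line in log_text.splitlines():
        if m := REJECT.search(line):
            rejected.add((m.group(1), m.group(2).lower()))
        elif m := CLIENT.search(line):
            client_of[m.group(1)] = m.group(2)
        elif m := FROM.search(line):
            if m.group(2) == "":
                null_sender.add(m.group(1))
        elif m := TO.search(line):
            qid, rcpt, status = m.groups()
            ip = client_of.get(qid)
            # Bounce delivered to the address that was forged in the rejected attempt.
            if qid in null_sender and status == "sent" and (ip, rcpt.lower()) in rejected:
                hits.append({"queue_id": qid, "client": ip, "recipient": rcpt})
    return hits
```

A hit names the client that accepted the forged message and then bounced it, which is the host whose acceptance rules need tightening; the second null-sender message in the sample is not flagged because no rejection from that client precedes it.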