On Thu, Jan 08, 2009 at 06:17:44AM +0100, Bas van Reeuwijk wrote:

> Good morning all,
>
> Over the last couple of days I've been at work trying to secure my postfix
> mail-server. It's a small private e-mail server.
>
> I've used http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt as a guide
> and I see that a lot of spam is rejected at the gate (before it is handled
> by spamassassin).
>
> The only thing that I cannot get to work is rejecting multiple recipients
> in the to: or cc: field that are not for my domain.

Why on earth would you want to do this? This is a very poor spam indicator.

> I've setup header-checks to limit the number of recipients to 5 but I
> still see the following in my mail-log:
>
> postfix/pickup[21986]: 3D1861CA700: uid=1003 from=<**spamme...@hotmail.com>
> postfix/cleanup[27929]: 3D1861CA700:
> message-id=<col117-w30ed22a833cbbb9530b31c92...@phx.gbl>
> postfix/pipe[27930]: 7CA961CA6F2: to=<b...@**mydomain**.net>,
> relay=spamfilter, delay=5, status=sent (mail.**mydomain**)
> postfix/qmgr[1156]: 3D1861CA700: from=<**spamme...@hotmail.com>,
> size=9760, nrcpt=2 (queue active)
> postfix/lmtp[27951]: 3D1861CA700: to=<b...@**mydomain**.net>,
> relay=/tmp/lmtp[/tmp/lmtp], delay=0, status=sent (250 2.1.5 Ok)
> postfix/smtp[27949]: 3D1861CA700: to=<b...@**other domain**.nl>,
> relay=**external mailserver**[77.94.249.33], delay=1, status=sent (250
> 2.0.0 Ok: queued as 8241D3948C6)

Your "simple" content filter is severely broken, it resends mail to header
recipients, rather than just forwarding to the original envelope recipients.

DO NOT (under ANY circumstances) use "sendmail -t" to re-inject filtered mail.
Capture the original recipient list via ${recipient} in the pipe(8) transport
definition and pass this argument list safely to sendmail re-injection
command in your script.

>
> So my questions are:
> - Am I allowed to prevent the relaying of this message to the external
> mailserver, or will this break my e-mail configuration?

Your configuration is already severely broken, once you fix that, the
question will become moot.

> - How do I prevent this? Is there an option in my configuration I should
> take a look at?
> - Am I missing something?
>

Read the simple content filter examples in FILTER_README *with care*.

--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
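The re-injection described in the reply above, as an added example that is not part of the original thread and not the poster's or the Postfix project's own script: a filter that forwards only to the envelope recipients pipe(8) hands it. The script path, the `filter` user, the `SENDMAIL` override and the function name are assumptions; `spamfilter` is the transport name seen in the log.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumed master.cf entry (the
# script path and the "filter" user are placeholders):
#
#   spamfilter unix - n n - 10 pipe
#     flags=Rq user=filter null_sender=
#     argv=/usr/local/bin/content-filter.sh -f ${sender} -- ${recipient}
#
# pipe(8) expands ${recipient} to one argument per envelope recipient of
# this delivery, so the script is called as: -f SENDER -- RCPT [RCPT ...]

SENDMAIL=${SENDMAIL:-/usr/sbin/sendmail}  # hypothetical override, for testing
EX_TEMPFAIL=75                            # sysexits: pipe(8) defers and retries

filter_and_reinject() {
    # Insist on an explicit envelope. With no recipient arguments there is
    # nothing safe to deliver to, and falling back to the headers is the bug.
    [ "$#" -ge 4 ] && [ "$1" = "-f" ] && [ "$3" = "--" ] ||
        return "$EX_TEMPFAIL"

    msg=$(mktemp) || return "$EX_TEMPFAIL"

    # Spool the message from stdin; content inspection would go here.
    cat >"$msg" || { rm -f "$msg"; return "$EX_TEMPFAIL"; }

    # -G: gateway (relay) submission; -i: a lone "." does not end the input.
    # No -t: that makes sendmail extract recipients from To:/Cc:/Bcc: as
    # well, re-sending the mail to every address listed in the headers.
    rc=0
    "$SENDMAIL" -G -i "$@" <"$msg" || rc=$?
    rm -f "$msg"
    return "$rc"
}

# Run only when installed under the assumed script name.
case ${0##*/} in
    content-filter.sh) filter_and_reinject "$@"; exit $? ;;
esac
```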