On Wed, 7 Jan 2009 23:30:06 -0800 (PST) bijayant kumar <bijayan...@yahoo.com> wrote:
> Bijayant Kumar
>
> --- On Tue, 6/1/09, DJ Lucas <d...@lucasit.com> wrote:
>
> > From: DJ Lucas <d...@lucasit.com>
> > Subject: Re: Blocking Spam
> > To: postfix-users@postfix.org
> > Date: Tuesday, 6 January, 2009, 2:00 PM
> >
> > bijayant kumar wrote:
> > > Bijayant Kumar
> > >
> > > --- On Tue, 6/1/09, DJ Lucas <d...@lucasit.com> wrote:
> > >
> > >> From: DJ Lucas <d...@lucasit.com>
> > >> Subject: Re: Blocking Spam
> > >> To: "postfix" <postfix-users@postfix.org>
> > >> Date: Tuesday, 6 January, 2009, 6:34 AM
> > >>
> > >> bijayant kumar wrote:
> > >>> Hello list,
> > >>>
> > >>> Nowadays we are getting lots of spam emails from our own
> > >>> email-ids. I want to block this. I have tried to block senders
> > >>> domains which are local and not doing smtp-auth. While
> > >>> implementing I come across a new problem like, when I rejected
> > >>> a spam coming from my own email-id from another spam server, I
> > >>> got Bounce-Notification message also. As the account (my email
> > >>> id) is local, it entitled to get the Bounce Notification. How
> > >>> to overcome this issue? Any suggestion or reading.
> > >>
> > >> <SNIP>
> > >>
> > >>> I am trying to reject the mails which is coming from
> > >>> a...@abc.com without smtp-authentication. It is being rejected
> > >>> but the bounce message is getting delivered to a...@abc.com as
> > >>> this domain and email is local. This is the problem.
> > >>>
> > >>> Bijayant Kumar
> > >>
> > >> What is the source of the NDR (show headers if it is not you)
> > >> and why/how was the original message rejected (logs)?
> > >
> > > I think I was not clear on my question. As we all know spammers
> > > uses the from address as our own email address and spamming like
> > > anything, right. In those emails from address and To address both
> > > are same. So, I tried to block those spams which are local and
> > > not doing smtp-authentication. I have tried to simulate the
> > > scenario on my local testing environments.
> > >
> > > I have created a test domain kavach.com and a user
> > > bijay...@kavach.com. I have telnetted on one another postfix
> > > installation and tried to send emails from bijay...@kavach.com to
> > > bijay...@kavach.com. What I observed the email is rejected as
> > > desired because it has sent without the smtp-authentication. But
> > > bijay...@kavach.com also received the bounce-notification message
> > > i.e. undelivered mail returned to sender.
> > >
> > > Postconf -n on test machine
> > >
> > > mynetworks = 127.0.0.0/8
> > > mynetworks_style = subnet
> > > myorigin = $mydomain
> > > newaliases_path = /usr/bin/newaliases
> > > queue_directory = /var/spool/postfix
> > > readme_directory = /usr/share/doc/postfix-2.5.5/readme
> > > sample_directory = /etc/postfix
> > > sendmail_path = /usr/sbin/sendmail
> > > setgid_group = postdrop
> > > smtpd_recipient_restrictions = permit_mynetworks
> > >     permit_sasl_authenticated
> > >     reject_unauth_destination
> > >     check_sender_access hash:/etc/postfix/access_sender
> > > smtpd_sasl_auth_enable = yes
> > > smtpd_sasl_security_options = noanonymous
> > > unknown_local_recipient_reject_code = 550
> > >
> > > cat /etc/postfix/access_sender
> > > kavach.com REJECT
> > > .kavach.com REJECT
> > >
> > > Mail-Log
> > > I sent a mail from another postfix installation
> > > postfix/smtpd[14415]: connect from unknown[192.168.99.22]
> > > postfix/smtpd[14415]: NOQUEUE: reject: RCPT from unknown[192.168.99.22]: 554 5.7.1 <bijay...@kavach.com>: Sender address rejected: Access denied; from=<bijay...@kavach.com> to=<bijay...@kavach.com> proto=ESMTP helo=<test1.localdomain>
> > > postfix/smtpd[14415]: disconnect from unknown[192.168.99.22]
> > > postfix/smtpd[14415]: connect from unknown[192.168.99.22]
> > > postfix/smtpd[14415]: 4C8ED7F68D: client=unknown[192.168.99.22]
> > > postfix/cleanup[14421]: 4C8ED7F68D: message-id=<20090106054312.37623df...@test1.localdomain>
> > > postfix/qmgr[14308]: 4C8ED7F68D: from=<>, size=2520, nrcpt=1 (queue active)
> > > postfix/smtpd[14415]: disconnect from unknown[192.168.99.22]
> > > postfix/virtual[14422]: 4C8ED7F68D: to=<bijay...@kavach.com>, relay=virtual, delay=0.05, delays=0.03/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
> > >
> > > Hope I am clear this time.
> >
> > Unfortunately, you did not ask a question, but using the logs will
> > help the reader (me) to figure out what the question is. :-)
>
> Oops....sorry my mistake
>
> > Right now, it is working perfectly as per your description.
> > 192.168.99.22 is not the final destination, nor is it responsible
> > for the sender of the message, but it accepted the message anyway,
> > and sent it on to the final destination. The destination correctly
> > rejected it, as you configured it to do. 192.168.99.22 received the
> > 550 message and notified the original sender (since it is not
> > responsible for the sender, it notified the server responsible for
> > the sender with an NDR).
> >
> > I think your question revolves around 192.168.99.22 sending a
> > bounce message. The short answer is that it is misconfigured, in
> > that it accepts mail that it should not accept. If you do not want
> > your relay server to bounce, then configure it not to accept
> > messages from senders, or to recipients, that it is not responsible
> > for.
>
> My question is, spammers forges the from address and sends the spam
> where from address and to address are same. Like in my case I am
> getting the spam mails from bijay...@kavach.com to
> bijay...@kavach.com. So, I googled and found that after
> reject_unauth_destination I have to add one check_sender_access in
> which I have to write kavach.com REJECT. It means that reject all the
> mails which are not doing smtp-authentication and the domains are
> local, right? To test the above settings I telnetted to 192.168.99.22
> (another postfix installed machine) and tried to send "mail from and
> rcpt to" as bijay...@kavach.com. As expected it got rejected. But I
> have also received the bounce message also from the sender "<>". I
> am wondering if this is by default then my users will get lots of
> bounce notification mails which they have never sent. So, the total
> idea behind implementing this feature will fail. There has to be some
> way that I am not able to find. Please suggest how should I proceed.
> Am I testing in the wrong way or missing anything?
>
> > If I've got it backwards, and you simply do not want to receive
> > bounce messages, though it is generally considered a bad idea as
> > it's against RFC, you can filter on the empty envelope sender (<>).
> > Standard disclaimer: DON'T DO THAT! Somebody recently mentioned a
> > DNSBL (ips.backscatterers.org I think, search for it) to use as a
> > conditional aid, but that would do nothing about the 'problem' in
> > this scenario, the first server (internal server) relaying a
> > message that it should not have.
>
> That's not a case, we are receiving the Bounce messages for local
> users.

It's doing what you're asking... "REJECT" means bounce the message. You
probably want to "DISCARD" it.

There *MAY BE* legitimate reasons for mail to come into your network
from a server outside the network addressed to one of your users and
purporting to be from that user. For example, test messages from remote
workers sending through their home ISP. Just so that you are aware of
the other side of the issue.

Chris Babcock