Bijayant Kumar
--- On Thu, 8/1/09, Chris Babcock <cbabc...@kolonelpanic.com> wrote:

> From: Chris Babcock <cbabc...@kolonelpanic.com>
> Subject: Re: Blocking Spam
> To: postfix-users@postfix.org
> Cc: bijayan...@yahoo.com
> Date: Thursday, 8 January, 2009, 2:13 PM
>
> On Wed, 7 Jan 2009 23:30:06 -0800 (PST)
> bijayant kumar <bijayan...@yahoo.com> wrote:
>
> > Bijayant Kumar
> >
> > --- On Tue, 6/1/09, DJ Lucas <d...@lucasit.com> wrote:
> >
> > > From: DJ Lucas <d...@lucasit.com>
> > > Subject: Re: Blocking Spam
> > > To: postfix-users@postfix.org
> > > Date: Tuesday, 6 January, 2009, 2:00 PM
> > >
> > > bijayant kumar wrote:
> > > > Bijayant Kumar
> > > >
> > > > --- On Tue, 6/1/09, DJ Lucas <d...@lucasit.com> wrote:
> > > >
> > > > > From: DJ Lucas <d...@lucasit.com>
> > > > > Subject: Re: Blocking Spam
> > > > > To: "postfix" <postfix-users@postfix.org>
> > > > > Date: Tuesday, 6 January, 2009, 6:34 AM
> > > > >
> > > > > bijayant kumar wrote:
> > > > > > Hello list,
> > > > > >
> > > > > > Nowadays we are getting lots of spam emails from our
> > > > > > own email-ids. I want to block this. I have tried to block
> > > > > > senders' domains which are local and not doing smtp-auth.
> > > > > > While implementing I came across a new problem like, when I
> > > > > > rejected a spam coming from my own email-id from another
> > > > > > spam server, I got Bounce-Notification message also. As the
> > > > > > account (my email id) is local, it is entitled to get the Bounce
> > > > > > Notification. How to overcome this issue? Any suggestion or
> > > > > > reading.
> > > > >
> > > > > <SNIP>
> > > > >
> > > > > > I am trying to reject the mails which are coming from
> > > > > > a...@abc.com without smtp-authentication. It is being
> > > > > > rejected but the bounce message is getting delivered to
> > > > > > a...@abc.com as this domain and email is local. This is the
> > > > > > problem.
> > > > > >
> > > > > > Bijayant Kumar
> > > > >
> > > > > What is the source of the NDR (show headers if it is not
> > > > > you) and why/how was the original message rejected (logs)?
> > > >
> > > > I think I was not clear on my question. As we all know
> > > > spammers use the from address as our own email address and
> > > > spamming like anything, right. In those emails from address
> > > > and To address both are same. So, I tried to block those
> > > > spams which are local and not doing smtp-authentication. I
> > > > have tried to simulate the scenario on my local testing
> > > > environments.
> > > >
> > > > I have created a test domain kavach.com and a user
> > > > bijay...@kavach.com. I have telnetted on one another postfix
> > > > installation and tried to send emails from
> > > > bijay...@kavach.com to bijay...@kavach.com. What I observed
> > > > the email is rejected as desired because it was sent without
> > > > the smtp-authentication. But bijay...@kavach.com also
> > > > received the bounce-notification message, i.e. undelivered
> > > > mail returned to sender.
> > > >
> > > > Postconf -n on test machine
> > > >
> > > > mynetworks = 127.0.0.0/8
> > > > mynetworks_style = subnet
> > > > myorigin = $mydomain
> > > > newaliases_path = /usr/bin/newaliases
> > > > queue_directory = /var/spool/postfix
> > > > readme_directory = /usr/share/doc/postfix-2.5.5/readme
> > > > sample_directory = /etc/postfix
> > > > sendmail_path = /usr/sbin/sendmail
> > > > setgid_group = postdrop
> > > > smtpd_recipient_restrictions = permit_mynetworks
> > > >     permit_sasl_authenticated
> > > >     reject_unauth_destination
> > > >     check_sender_access hash:/etc/postfix/access_sender
> > > > smtpd_sasl_auth_enable = yes
> > > > smtpd_sasl_security_options = noanonymous
> > > > unknown_local_recipient_reject_code = 550
> > > >
> > > > cat /etc/postfix/access_sender
> > > > kavach.com REJECT
> > > > .kavach.com REJECT
> > > >
> > > > Mail-Log
> > > > I sent a mail from another postfix installation
> > > > postfix/smtpd[14415]: connect from unknown[192.168.99.22]
> > > > postfix/smtpd[14415]: NOQUEUE: reject: RCPT from unknown[192.168.99.22]: 554 5.7.1 <bijay...@kavach.com>: Sender address rejected: Access denied; from=<bijay...@kavach.com> to=<bijay...@kavach.com> proto=ESMTP helo=<test1.localdomain>
> > > > postfix/smtpd[14415]: disconnect from unknown[192.168.99.22]
> > > > postfix/smtpd[14415]: connect from unknown[192.168.99.22]
> > > > postfix/smtpd[14415]: 4C8ED7F68D: client=unknown[192.168.99.22]
> > > > postfix/cleanup[14421]: 4C8ED7F68D: message-id=<20090106054312.37623df...@test1.localdomain>
> > > > postfix/qmgr[14308]: 4C8ED7F68D: from=<>, size=2520, nrcpt=1 (queue active)
> > > > postfix/smtpd[14415]: disconnect from unknown[192.168.99.22]
> > > > postfix/virtual[14422]: 4C8ED7F68D: to=<bijay...@kavach.com>, relay=virtual, delay=0.05, delays=0.03/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
> > > >
> > > > Hope I am clear this time.
> > >
> > > Unfortunately, you did not ask a question, but using the
> > > logs will help the reader (me) to figure out what the
> > > question is. :-)
> >
> > Oops....sorry my mistake
> >
> > > Right now, it is working perfectly as per
> > > your description. 192.168.99.22 is not the final
> > > destination, nor is it responsible for the sender of the
> > > message, but it accepted the message anyway, and sent it on
> > > to the final destination. The destination correctly
> > > rejected it, as you configured it to do. 192.168.99.22
> > > received the 550 message and notified the original sender
> > > (since it is not responsible for the sender, it notified the
> > > server responsible for the sender with an NDR).
> > > I think your question revolves around 192.168.99.22 sending
> > > a bounce message. The short answer is that it is
> > > misconfigured, in that it accepts mail that it should not
> > > accept. If you do not want your relay server to bounce,
> > > then configure it not to accept messages from senders, or to
> > > recipients, that it is not responsible for.
> >
> > My question is, spammers forge the from address and send the spam
> > where from address and to address are same. Like in my case I am
> > getting the spam mails from bijay...@kavach.com to
> > bijay...@kavach.com. So, I googled and found that after
> > reject_unauth_destination I have to add one check_sender_access in
> > which I have to write kavach.com REJECT. It means that reject all the
> > mails which are not doing smtp-authentication and the domains are
> > local, right? To test the above settings I telnetted to 192.168.99.22
> > (another postfix installed machine) and tried to send "mail from and
> > rcpt to" as bijay...@kavach.com. As expected it got rejected. But I
> > have also received the bounce message from the sender "<>". I
> > am wondering if this is by default then my users will get lots of
> > bounce notification mails which they have never sent. So, the total
> > idea behind implementing this feature will fail. There has to be some
> > way that I am not able to find. Please suggest how should I proceed.
> > Am I testing in the wrong way or missing anything?
> >
> > > If I've got it backwards, and you simply do not want to
> > > receive bounce messages, though it is generally considered a
> > > bad idea as it's against RFC, you can filter on the
> > > empty envelope sender (<>). Standard disclaimer:
> > > DON'T DO THAT! Somebody recently mentioned a DNSBL
> > > (ips.backscatterers.org I think, search for it) to use as a
> > > conditional aid, but that would do nothing about the
> > > 'problem' in this scenario, the first server
> > > (internal server) relaying a message that it should not
> > > have.
> >
> > That's not the case, we are receiving the Bounce messages for local
> > users.
>
> It's doing what you're asking... "REJECT" means bounce the message. You
> probably want to "DISCARD" it.

DISCARD means nobody will receive the bounce message, right? If anybody's mail is rejected from our server he/she will never know what was the issue.

> There *MAY BE* legitimate reasons for mail to come into your network
> from a server outside the network addressed to one of your users and
> purporting to be from that user. For example, test messages from remote
> workers sending through their home ISP. Just so that you are aware of
> the other side of the issue.

It means that we can not do anything for that kind of mails at the Postfix level. We have to receive those *SPAM* mails in which from and to address are same or spams coming from one of our email addresses to any users, right? If these types of mails can be rejected by Postfix then please let me know how; any pointer to any docs will be very useful to me.

> Chris Babcock