Norm Mackey wrote:

> The intent is to reject any emails claiming to be from inside our
> own network which do not actually originate from our own server
> IPs or authenticated sessions.
>
> In order to do this I followed the instructions I found at
> http://tech.groups.yahoo.com/group/postfix-users/message/246702.
>
> Specifically I added
>
> check_sender_access hash:/etc/postfix/copycats
> to
> smtpd_recipient_restrictions=
> after the mynetworks and SASL authenticated permits, added
> an /etc/postfix/copycats file containing
>
> thisisreallymydomain.com REJECT
>
> Ran "postmap copycats", and did a postfix restart.
>
> This properly prevents email from domains claiming to be our
> own, as in:
>
> > me:~ # telnet www. thisisreallymydomain.com smtp
> > Trying 72.20.102.100...
> > Connected to www. thisisreallymydomain.com.
> > Escape character is '^]'.
> > 220 www.thisisreallymydomain.com ESMTP Postfix (2.2.5)
> > EHLO me.somebodysomewhere.com
> > 250-www.supportwizard.com
> > 250-PIPELINING
> [...]
> > 250 8BITMIME
> > MAIL FROM: norm@ thisisreallymydomain.com
> > 250 Ok
> > RCPT TO: normm@ thisisreallymydomain.com
> > 554 <norm@ thisisreallymydomain.com>: Sender address rejected: Access denied
> > QUIT
> > 221 Bye
> > Connection closed by foreign host.
>
> This seems to be effective at stopping some of the spam, but other still
> arrives, with headers like:
>
> > Received: by www.thisisireallymydomain.com (Postfix)
> >     id 3C916254775; Tue, 30 Dec 2008 03:50:01 -0800 (PST)
> > Delivered-To: n...@thisisireallymydomain.com
> > Received: from alkhorayef.com (unknown [91.189.132.54])
> >     by www.thisisireallymydomain.com (Postfix) with SMTP id B31A025472A
> >     for <n...@thisisireallymydomain.com>; Tue, 30 Dec 2008 03:49:59 -0800 (PST)
> > To: <n...@thisisireallymydomain.com>
> > Subject: Celebrate a victory in love
> > From: <n...@thisisireallymydomain.com>
> > MIME-Version: 1.0
> > Importance: High
> > Content-Type: text/html
> > Message-Id: <20081230114959.b31a0254...@www.thisisireallymydomain.com>
> > Date: Tue, 30 Dec 2008 03:49:59 -0800 (PST)
> > Return-Path: p...@acculab.com

This Return-Path: header indicates that the envelope sender address was
not from your domain; it was the From: header that purports to be from
your domain. The check_sender_access table operates on the envelope, not
the header.

> This arrives in the inbox of no...@thisisreallymydomain.com with no
> indication of the
> actual source being a different domain, as "From"
> n...@thisisreallymydomain.com.

Actually, there is an indication in the headers, as explained above.

> How do I filter on the actual domain that it is coming from instead of
> the forged
> "From:" sent in the message headers?

You need to filter based on the headers

--
Sahil Tandon <sa...@tandon.net>
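
The envelope-versus-header distinction from the reply above, as an added example that is not part of the original thread: it parses a delivered message, compares the Return-Path: (envelope sender) domain with the From: header domain, and flags mail whose From: claims the local domain while the envelope and connecting IP do not. The sample message is constructed from the quoted headers; the local parts, the `MYNETWORKS` value and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "thisisireallymydomain.com"  # spelled as in the quoted headers
# Assumption: the server IP seen in the telnet session is the only trusted client.
MYNETWORKS = [ipaddress.ip_network("72.20.102.100/32")]

# Constructed sample: archive-elided addresses replaced with made-up local parts,
# and only the Received: line written by the receiving SMTP server is kept.
SAMPLE = """\
Received: from alkhorayef.com (unknown [91.189.132.54])
\tby www.thisisireallymydomain.com (Postfix) with SMTP id B31A025472A
\tfor <norm@thisisireallymydomain.com>; Tue, 30 Dec 2008 03:49:59 -0800 (PST)
To: <norm@thisisireallymydomain.com>
Subject: Celebrate a victory in love
From: <norm@thisisireallymydomain.com>
Return-Path: placeholder@acculab.com

body
"""

def domain_of(value):
    """Lower-cased domain part of the address in a header value."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def client_ip(msg):
    """Bracketed client IP from the first Received: header, or None."""
    m = re.search(r"\[([0-9a-fA-F.:]+)\]", msg.get("Received", ""))
    return ipaddress.ip_address(m.group(1)) if m else None

def classify(raw):
    msg = message_from_string(raw)
    envelope = domain_of(msg["Return-Path"])  # what check_sender_access looked up
    header = domain_of(msg["From"])           # what the mail client displays
    ip = client_ip(msg)
    local_client = ip is not None and any(ip in net for net in MYNETWORKS)
    return {
        "envelope_domain": envelope,
        "header_domain": header,
        "envelope_rule_matches": envelope == LOCAL_DOMAIN,
        "forged_header_from": (header == LOCAL_DOMAIN
                               and envelope != LOCAL_DOMAIN
                               and not local_client),
    }

if __name__ == "__main__":
    print(classify(SAMPLE))
```
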