Hi everyone,
I am the systems administrator for the Electronic Frontier Foundation. I
have been having a problem with getting spam that has a from of, for
example, t...@eff.org (which is a valid email address). I would like my
mail server to not accept mail that says it is from @eff.org unless it
is sent via an authenticated end user, or unless it is mail generated by
the mail server itself. Essentially, in pseudo-code, what I want is:
if ((from == *...@eff.org) and ((sending mail server != mail1.eff.org) or
(sent using SMTP auth))) then REJECT
I have already tried editing /usr/local/etc/postfix/access, adding:
eff.org REJECT you can't send mail as me!
And of course I ran postmap after this. I have also tried using the
setting that rejects mail that says HELO eff.org.
Neither worked.
I should also point out that, at least for now, this is the ONLY type of
mail that I want to explicitly block. At this time I am not able to do a
spam assassin install or reject via black lists due to our current spam
policy.
Here is my postconf -n output:
address_verify_negative_expire_time = 1d
alias_database = hash:$config_directory/aliases,
hash:$config_directory/aliases.mailman
alias_maps = hash:$config_directory/aliases,
hash:$config_directory/aliases.mailman
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
mail_owner = postfix
mail_spool_directory = /var/mail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost, $myhostname.$mydomain,
$mydomain, email.$mydomain
myhostname = mail1.eff.org
mynetworks = 75.101.97.64/28, 68.120.144.0/24, 67.103.31.132/32, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks reject_unknown_client
check_client_access hash:$config_directory/accesslist permit
smtpd_data_restrictions = reject_unauth_pipelining permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks check_helo_access
hash:$config_directory/restrict_helo check_helo_access
hash:$config_directory/accesslist reject_invalid_hostname permit
smtpd_recipient_restrictions = permit_mynetworks
permit_sasl_authenticated reject_non_fqdn_recipient
reject_multi_recipient_bounce reject_unknown_recipient_domain
reject_unauth_destination reject_unlisted_recipient permit_mx_backup
permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks check_sender_access
hash:$config_directory/accesslist reject_non_fqdn_sender
reject_unknown_sender_domain reject_unlisted_sender
hash:$config_directory/sender_access permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/STAR_eff_org.postfix.crt
smtpd_tls_key_file = /etc/ssl/STAR_eff_org.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
unknown_address_reject_code = 550
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 450
unverified_sender_reject_code = 550
virtual_alias_domains = $virtual_alias_maps
virtual_alias_maps = hash:$config_directory/virtual.dearaol.com,
hash:$config_directory/virtual.ourvotelive.org,
hash:$config_directory/virtual.stopthespying.org,
hash:$config_directory/virtual.soundcopyright.eu
Thanks for any help you might be able to provide.
- Stu
