On Wed, 29 Jul 2009, Matthew D. Fuller wrote:

On Wed, Jul 29, 2009 at 03:03:43PM +0100 I heard the voice of
Clunk Werclick, and lo! it spake thus:

My apologies for the terse caveat. As I understand it, there are
some external mail services that roaming users may use that forward
mail into your Postfix claiming to be from your domain. Myself I do
not use this.

The problem doesn't come from what you use, but from what any of your
users may somewhere use.

Imagine you are example.com, and have two users, a...@example.com, and
b...@example.com.  a...@example.com sends mail to b...@someother.domain (which
you don't control, and know nothing about, short of looking up its MX
record and sending the mail on its way).  But b...@someother.domain is
just a forwarder and forwards the mail on to b...@example.com.  That
forwarder won't (and quite probably _shouldn't_) change the envelope
sender.  Suddenly, you have mail from "outside", with an envelope
sender that's you, but is perfectly legitimate.  And pretty common.

If you know all your users and know none of them do any such thing,
filtering it works great.  But if you're not absolutely sure, you
could be setting out landmines.

Thanks for the real-life example. We see lots of spam like this here, and often they'll set the envelope from to our support address, which is on spamassassin's global whitelist.

Is there any good way to block this crap without breaking things? It looks like in our case I could at least restrict it to our support/role addresses which should NEVER be sending from outside our network...

Thanks,

Charles


--
Matthew Fuller     (MF4839)   |  fulle...@over-yonder.net
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
          On the Internet, nobody can hear you scream.
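The trade-off discussed in this thread, as an added example that is not part of the original messages: a decision function of the kind a Postfix policy-delegation service could apply, comparing a whole-domain rule with the role-address-only rule Charles suggests. The request attribute names (`client_address`, `sender`, `sasl_username`) and the `DUNNO`/`REJECT` actions are those of Postfix's policy delegation protocol; the domain, network range, role addresses and sample requests are constructed assumptions.

```python
import ipaddress

# Assumptions (constructed for illustration): local domain, internal
# network range and the role addresses that never send from outside.
LOCAL_DOMAIN = "example.com"
MY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
ROLE_SENDERS = {"support@example.com", "postmaster@example.com"}

def parse_request(text):
    """Parse one Postfix policy-delegation request (name=value lines)."""
    attrs = {}
    for line in text.strip().splitlines():
        name, sep, value = line.partition("=")
        if sep:
            attrs[name.strip()] = value.strip()
    return attrs

def is_trusted(attrs):
    """True for clients inside MY_NETWORKS or SASL-authenticated ones."""
    if attrs.get("sasl_username"):
        return True
    try:
        addr = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return False
    return any(addr in net for net in MY_NETWORKS)

def decide(attrs, role_only=True):
    """Return a policy action: REJECT ... or DUNNO (no opinion)."""
    sender = attrs.get("sender", "").lower()
    if is_trusted(attrs) or not sender.endswith("@" + LOCAL_DOMAIN):
        return "DUNNO"
    if role_only and sender not in ROLE_SENDERS:
        return "DUNNO"  # may be a user's mail returning via a forwarder
    return "REJECT local sender address not accepted from outside"

# Constructed requests: forwarded user mail, and a forged role sender.
FORWARDED = ("request=smtpd_access_policy\nclient_address=198.51.100.7\n"
             "sender=alice@example.com\nsasl_username=\n")
FORGED = ("request=smtpd_access_policy\nclient_address=203.0.113.9\n"
          "sender=support@example.com\nsasl_username=\n")

if __name__ == "__main__":
    for name, req in (("forwarded", FORWARDED), ("forged", FORGED)):
        attrs = parse_request(req)
        print(name, "| role-only:", decide(attrs),
              "| whole domain:", decide(attrs, role_only=False))
```

With `role_only=False` the forwarded message from the user is rejected, which is the landmine described above; the role-only rule leaves it alone and still rejects the forged support sender.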
