On Fri, Aug 28, 2009 at 3:22 AM, Sahil Tandon<sa...@tandon.net> wrote:
> On Thu, 27 Aug 2009, Yeray Gutiérrez Cedrés wrote:
>
>> On Thu, Aug 27, 2009 at 4:29 AM, Voytek Eymont<li...@sbt.net.au> wrote:
>> >
>> > On Wed, August 26, 2009 5:49 am, ghe wrote:
>> >
>> >> I've done this by declaring my own internal domain names: slsware.dmz
>> >> and .lan in the 192.168 1918 IP block and adding them to mynetworks. Then I
>> >> just reject all mail from my .com domain by putting "check_helo_access
>> >> hash:/etc/postfix/helo_checks" very early in the
>> >> smtpd_recipient_restrictions:
>> >
>> >>> # This file has to be "compiled" with postmap
>> >>> # postmap hash:/etc/postfix/helo_checks ; postfix reload
>> >>>
>> >>>
>> >>> localhost            REJECT  You are not localhost
>> >>> slsware.com          REJECT  No, no, no. You send *to* slsware.com
>> >>> .slsware.com         REJECT  No, no, no. You send *to* slsware.com
>> >
>> What if the spammer does the following?
>>
>> EHLO mail.otherdomain.com
>> MAIL FROM: gl...@slsware.com
>> RCPT TO:per...@slsware.com
>>
>> In that case, would the forged email be rejected with check_helo_access?
>
> Of course not.  Was that a joke?

Of course not. I have the same problem in my organization with forged
emails coming from my own domain. That's why I asked. In my case, we
have a check_sender_access list (with LDAP) in
smtpd_sender_restrictions:


smtpd_sender_restrictions =
     reject_invalid_hostname,
     reject_non_fqdn_sender,
     reject_non_fqdn_recipient,
     reject_unknown_sender_domain,
     reject_unknown_recipient_domain,
     check_sender_access ldap:/etc/postfix/allowed_sender_addresses.cf,
     reject


I also have to allow external hosts (out of my organization intranet)
to send email, for example, a person from my organization who sends
and receives email via an smtp/pop3 client from his home or another
location. That's why I couldn't use the mynetworks/check_helo_access
solution. A spammer using mail.otherdomain.com in EHLO and
postmas...@myorganization.com (that exists in the LDAP database) in
MAIL FROM: would succeed in sending the forged email.

That's why I wonder if there's a solution that matches my configuration
or if I would have to redesign the restrictions strategy somehow.

I also use spamassassin with amavis-new to try to prevent spam.

>
> --
> Sahil Tandon <sa...@tandon.net>
>
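
Added example (not part of the original message and not Postfix code): a simplified Python model of the two checks discussed in this thread, showing that neither the HELO table nor a sender allow-list ties MAIL FROM to the connecting client. The `example.org`/`example.net` addresses, the `mx.slsware.com` host name and the set standing in for the LDAP lookup are constructed assumptions.

```python
# Simplified model of the two access checks discussed in the thread.
# Not Postfix code: the table lookup follows access(5) only loosely.

# helo_checks as quoted in the thread (the mynetworks exemption is omitted)
HELO_CHECKS = {
    "localhost": "REJECT",
    "slsware.com": "REJECT",
    ".slsware.com": "REJECT",
}

# Constructed stand-in for the LDAP allowed_sender_addresses lookup
ALLOWED_SENDERS = {"postmaster@example.org"}


def check_helo_access(helo_name, table=HELO_CHECKS):
    """Look up the HELO/EHLO name: exact match first, then .parent patterns."""
    name = helo_name.lower().rstrip(".")
    if name in table:
        return table[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        action = table.get("." + ".".join(labels[i:]))
        if action:
            return action
    return "DUNNO"  # no match: later restrictions decide


def check_sender_access(mail_from, allowed=ALLOWED_SENDERS):
    """Model of 'check_sender_access ..., reject': only listed senders pass."""
    return "OK" if mail_from.lower() in allowed else "REJECT"


def evaluate(session):
    """Return what each check says about one SMTP session."""
    return {
        "helo": check_helo_access(session["ehlo"]),
        "sender": check_sender_access(session["mail_from"]),
    }


# Constructed sessions shaped like the one quoted in the thread
FORGED = {"ehlo": "mail.otherdomain.com", "mail_from": "postmaster@example.org"}
OWN_NAME = {"ehlo": "mx.slsware.com", "mail_from": "nobody@example.net"}

if __name__ == "__main__":
    for label, s in (("forged sender", FORGED), ("own name in EHLO", OWN_NAME)):
        print(label, evaluate(s))
```

The forged session gets `DUNNO` from the HELO table and `OK` from the sender list, because both lookups key on a value the client supplies.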
