On Wed, Jan 20, 2010 at 10:34 AM, Ralf Hildebrandt <ralf.hildebra...@charite.de> wrote: >> /^localhost$/ 550 Don't use my own domain (localhost)! >> /^iamghost.\com$/ 550 Don't use my own domain! >> /^64\.95\.64\.198$/ 550 Your spam was rejected because you're >> forging my IP. >> /^\[64\.95\.64\.198\]$/ 550 Your spam was rejected because you're >> forging my IP. >> /^mail\.iamghost.\com$/ 550 Don't use my own hostname! >> /^[0-9.-]+$/ 550 Your software is not RFC 2821 >> compliant: EHLO/HELO must be a domain or an address-literal (IP enclosed in >> []) - not a naked IP. >> >> Beyond this file, does my main.cf file look correct to you? > > Looks OK.
Why did this email get through Postfix if my I followed Ralph's example of helo_checks.pcre'? I posted my postconf -n previously in this message and above you can see the contents of 'helo_checks.pcre' & I would think this would prevent anyone from sending mail to my Postfix server spoofing my domain in the headers. Am I wrong? I got the following email this weekend: Return-Path: <postmas...@iamghost.com> X-Original-To: postmas...@iamghost.com Delivered-To: postmas...@iamghost.com Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.iamghost.com (Postfix) with ESMTP id EC5B277ADD6 for <postmas...@iamghost.com>; Sat, 27 Feb 2010 15:05:50 -0500 (EST) X-Virus-Scanned: amavisd-new at iamghost.com X-Spam-Flag: YES X-Spam-Score: 7.457 X-Spam-Level: ******* X-Spam-Status: Yes, score=7.457 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_NONE=0.1] autolearn=no Received: from mail.iamghost.com ([127.0.0.1]) by localhost (iamghost.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id awUEbrkCfcvq for <postmas...@iamghost.com>; Sat, 27 Feb 2010 15:05:50 -0500 (EST) Received: from ambianceimports.com (unknown [89.204.40.160]) by mail.iamghost.com (Postfix) with SMTP id 179C477ADB5 for <postmas...@iamghost.com>; Sat, 27 Feb 2010 15:05:48 -0500 (EST) To: <postmas...@iamghost.com> Subject: ***SPAM*** Delivery Status Notification From: Inez <postmas...@iamghost.com> MIME-Version: 1.0 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <20100227200549.179c477a...@mail.iamghost.com> Date: Sat, 27 Feb 2010 15:05:48 -0500 (EST) I thought this was the point of adding the 'helo_checks' but I think I am missing something. Can anyone please help explain what I did wrong or am missing? I think this email should have been prevented with: /^iamghost\.com$/ 550 Don't use my own domain The headers of this email show the spammer spoofed this email to come from 'postmas...@iamghost.com'. *Below is my output of 'postconf -n': address_verify_sender = $double_bounce_sender alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix content_filter = amavisfeed:[127.0.0.1]:10024 daemon_directory = /usr/libexec/postfix home_mailbox = Maildir/ html_directory = no inet_interfaces = all mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man message_size_limit = 20480000 mydestination = $myhostname, $mydomain, mail.$mydomain mydomain = iamghost.com myhostname = mail.iamghost.com mynetworks = $config_directory/mynetworks myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix recipient_delimiter = + relay_domains = sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_tls_security_level = may smtpd_banner = $myhostname ESMTP smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service unix:postgrey/socket, check_sender_access hash:/etc/postfix/sender_access, check_helo_access pcre:/etc/postfix/helo_checks.pcre, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, permit smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/mail.crt smtpd_tls_key_file = /etc/ssl/mail.key smtpd_tls_loglevel = 1 smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550
