On 2/28/2010 1:55 PM, Carlos Williams wrote:
On Tue, Oct 27, 2009 at 8:55 AM, Noel Jones<njo...@megan.vbhcs.org> wrote:
Or you can have postfix add it to main.cf for you by typing the command:
# postconf -e 'address_verify_sender=$double_bounce_sender'
I added the above parameter
(address_verify_sender=$double_bounce_sender) in my main.cf to keep
spammers from sending spam / junk email to my built in Postmaster
account.
That parameter doesn't prevent spammers from sending junk to
postmaster, it prevents mail to postmaster from bypassing your
existing anti-spam controls. Big difference.
I am running a dated version of Postfix 2.3. I added it in my
main.cf and reloaded Postfix. I see it listed in my 'postconf -n'&
just this weekend received this email:
Return-Path:<postmas...@iamghost.com>
X-Original-To: postmas...@iamghost.com
Delivered-To: postmas...@iamghost.com
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.iamghost.com (Postfix) with ESMTP id EC5B277ADD6
for<postmas...@iamghost.com>; Sat, 27 Feb 2010 15:05:50 -0500 (EST)
X-Virus-Scanned: amavisd-new at iamghost.com
X-Spam-Flag: YES
X-Spam-Score: 7.457
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.457 tagged_above=-999 required=5
tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457,
RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033,
RDNS_NONE=0.1] autolearn=no
Received: from mail.iamghost.com ([127.0.0.1])
by localhost (iamghost.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id awUEbrkCfcvq for<postmas...@iamghost.com>;
Sat, 27 Feb 2010 15:05:50 -0500 (EST)
Received: from ambianceimports.com (unknown [89.204.40.160])
by mail.iamghost.com (Postfix) with SMTP id 179C477ADB5
for<postmas...@iamghost.com>; Sat, 27 Feb 2010 15:05:48 -0500 (EST)
To:<postmas...@iamghost.com>
Subject: ***SPAM*** Delivery Status Notification
From: Inez<postmas...@iamghost.com>
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:<20100227200549.179c477a...@mail.iamghost.com>
Date: Sat, 27 Feb 2010 15:05:48 -0500 (EST)
*************************************************************************
Should the above parameter firstly not have allowed this message to be
sent to 'Postmaster'?
No. Apparently you have no controls that would otherwise
reject this spam.
And I am confused why the "Return-Path& Delivered-To" address are the
same. Was this spammer attempting to spoof my postmaster's email
address?
Yes, looks as if the spammer forged your postmaster as the
envelope sender. You can reject mail FROM postmaster@ your
domain with a check_sender_access map.
If you need any more help, show your "postconf -n" output.
-- Noel Jones
