On 2/28/2010 2:26 PM, Carlos Williams wrote:
On Wed, Jan 20, 2010 at 10:34 AM, Ralf Hildebrandt
<ralf.hildebra...@charite.de> wrote:
/^localhost$/ 550 Don't use my own domain (localhost)!
/^iamghost.\com$/ 550 Don't use my own domain!
/^64\.95\.64\.198$/ 550 Your spam was rejected because you're
forging my IP.
/^\[64\.95\.64\.198\]$/ 550 Your spam was rejected because you're
forging my IP.
/^mail\.iamghost.\com$/ 550 Don't use my own hostname!
/^[0-9.-]+$/ 550 Your software is not RFC 2821
compliant: EHLO/HELO must be a domain or an address-literal (IP enclosed in [])
- not a naked IP.
Beyond this file, does my main.cf file look correct to you?
Looks OK.
Why did this email get through Postfix if my I followed Ralph's
example of helo_checks.pcre'? I posted my postconf -n previously in
this message and above you can see the contents of 'helo_checks.pcre'
& I would think this would prevent anyone from sending mail to my
Postfix server spoofing my domain in the headers. Am I wrong? I got
the following email this weekend:
Return-Path:<postmas...@iamghost.com>
X-Original-To: postmas...@iamghost.com
Delivered-To: postmas...@iamghost.com
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.iamghost.com (Postfix) with ESMTP id EC5B277ADD6
for<postmas...@iamghost.com>; Sat, 27 Feb 2010 15:05:50 -0500 (EST)
X-Virus-Scanned: amavisd-new at iamghost.com
X-Spam-Flag: YES
X-Spam-Score: 7.457
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.457 tagged_above=-999 required=5
tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457,
RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033,
RDNS_NONE=0.1] autolearn=no
Received: from mail.iamghost.com ([127.0.0.1])
by localhost (iamghost.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id awUEbrkCfcvq for<postmas...@iamghost.com>;
Sat, 27 Feb 2010 15:05:50 -0500 (EST)
Received: from ambianceimports.com (unknown [89.204.40.160])
by mail.iamghost.com (Postfix) with SMTP id 179C477ADB5
for<postmas...@iamghost.com>; Sat, 27 Feb 2010 15:05:48 -0500 (EST)
To:<postmas...@iamghost.com>
Subject: ***SPAM*** Delivery Status Notification
From: Inez<postmas...@iamghost.com>
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:<20100227200549.179c477a...@mail.iamghost.com>
Date: Sat, 27 Feb 2010 15:05:48 -0500 (EST)
I thought this was the point of adding the 'helo_checks' but I think I
am missing something. Can anyone please help explain what I did wrong
or am missing? I think this email should have been prevented with:
/^iamghost\.com$/ 550 Don't use my own domain
The headers of this email show the spammer spoofed this email to come
from 'postmas...@iamghost.com'.
Learn to read the Received: headers.
Received: from helo_hostname (client_hostname [client.ip])
by myname (Postfix) with SMTP id QUEUEID
for <recipient>; date
(the "for <recipient>" part is omitted if there is more than
one recipient.)
Your check is for the helo_hostname, which is ambianceimports.com.
If you want to prevent your own domain as sender address in
outside mail, you'll need to add a check_sender_access map for
that.
-- Noel Jones
*Below is my output of 'postconf -n':
address_verify_sender = $double_bounce_sender
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 20480000
mydestination = $myhostname, $mydomain, mail.$mydomain
mydomain = iamghost.com
myhostname = mail.iamghost.com
mynetworks = $config_directory/mynetworks
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
recipient_delimiter = +
relay_domains =
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_pipelining,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, reject_unlisted_recipient,
check_policy_service unix:postgrey/socket, check_sender_access
hash:/etc/postfix/sender_access,
check_helo_access pcre:/etc/postfix/helo_checks.pcre,
reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unknown_reverse_client_hostname, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/mail.crt
smtpd_tls_key_file = /etc/ssl/mail.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
