On 25-03-2010 05:41, Ralf Hildebrandt wrote:
> * Frank Bonnet<f.bon...@esiee.fr>:
>> I have one domain, say domain.com and I want to reject emails
>> that pretend to be sent from domain.com
>> but are NOT into our IP range say 123.123.0.0/16
> http://www.arschkrebs.de/postfix/postfix_incoming.shtm

Hi Ralf,

It seemed so simple and efficient I couldn't resist implementing it. It worked as expected at first, but some apparently random legitimate messages get refused by that rule. Can you help me? I use postfix 2.5.1-2ubuntu1.2 on an Ubuntu 8.10 LTS box with pam_ldap (if that matters).

Strip from main.cf, I did it with /etc/postfix/fakea1:

smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    check_sender_access hash:/etc/postfix/freemail_access
    check_recipient_access hash:/etc/postfix/rfc,
    check_recipient_access pcre:/etc/postfix/inativos_pcre,
                           hash:/etc/postfix/inativos
    check_sender_access pcre:/etc/postfix/access_pcre,
                        hash:/etc/postfix/access,
                        hash:/etc/postfix/fakea1
    check_client_access hash:/etc/postfix/access,
                        cidr:/etc/postfix/cidr
    reject_invalid_hostname
    reject_unauth_pipelining
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_rbl_client bl.spamcop.net
    reject_rbl_client dnsbl.njabl.org
    reject_rbl_client b.barracudacentral.org
    check_policy_service inet:127.0.0.1:60000
    permit

Some relevant info and confs regarding reject_unauth_destination:

r...@jupiter:/etc/postfix# postconf relay_domains mydestination
relay_domains = $mydestination
mydestination = ldap:/etc/postfix/ldaptransport.cf
r...@jupiter:/etc/postfix# cat /etc/postfix/ldaptransport.cf
server_host             = ldap://192.168.0.xxx
                          ldap://192.168.0.xxx
search_base             = ou=domains,dc=xxx
bind                    = no
query_filter            = (&(cn=%s)(objectclass=transportTable))
result_attribute        = transport
r...@jupiter:/etc/postfix# ldapsearch -x -b "ou=domains,dc=xxx" "(&(cn=a1.ind.br)(objectclass=transportTable))"
# extended LDIF
#
# LDAPv3
# base <ou=domains,dc=xxx> with scope subtree
# filter: (&(cn=a1.ind.br)(objectclass=transportTable))
# requesting: ALL
#

# a1.ind.br, domains, a1.ind
dn: cn=a1.ind.br,ou=domains,dc=xxx
objectClass: top
objectClass: transportTable
cn: a1.ind.br
transport: smtp:[smtp.a1.ind.br]

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
r...@jupiter:/etc/postfix# cat fakea1
a1.ind.br 554 Utilize http://webmail.a1.ind.br ou o servidor autenticado.
r...@jupiter:/etc/postfix#

Before you ask, I did postmap 'fakea1' and reloaded postfix :)
And finally the evidence:

Mar 25 15:06:22 jupiter postfix/smtpd[17453]: NOQUEUE: reject: RCPT from hm2223.locaweb.com.br[200.234.196.45]: 554 5.7.1 <giulio.bor...@a1.ind.br>: Recipient address rejected: Utilize http://webmail.a1.ind.br ou o servidor autenticado.; from=<fo...@helpfacil.com.br> to=<giulio.bor...@a1.ind.br> proto=ESMTP helo=<HM2223.locaweb.com.br>

Have I missed something? What's wrong? Thanks and best regards.

--
Marcio Merlone
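
A log triage check for the symptom in the message above, as an added example that is not part of the original post: it flags rejects that carry the fakea1 reply text but were not produced by a sender-address check on an a1.ind.br envelope sender, which is the shape of the logged reject ("Recipient address rejected", sender outside a1.ind.br). The sample log lines, their hosts and addresses, and the name `find_misfires` are constructed for illustration.

```python
import re

# Added example. Constructed log lines modelled on the reject in the post; hosts and addresses are made up.
SAMPLE_LOG = """\
Mar 25 15:01:10 jupiter postfix/smtpd[17001]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <spoof@a1.ind.br>: Sender address rejected: Utilize http://webmail.a1.ind.br ou o servidor autenticado.; from=<spoof@a1.ind.br> to=<user@a1.ind.br> proto=ESMTP helo=<mail.example.net>
Mar 25 15:06:22 jupiter postfix/smtpd[17453]: NOQUEUE: reject: RCPT from mx.example.com[198.51.100.7]: 554 5.7.1 <user@a1.ind.br>: Recipient address rejected: Utilize http://webmail.a1.ind.br ou o servidor autenticado.; from=<alice@example.com> to=<user@a1.ind.br> proto=ESMTP helo=<mx.example.com>
Mar 25 15:09:40 jupiter postfix/smtpd[17460]: NOQUEUE: reject: RCPT from mx.example.org[192.0.2.9]: 550 5.1.1 <nobody@a1.ind.br>: Recipient address rejected: User unknown; from=<bob@example.org> to=<nobody@a1.ind.br> proto=ESMTP helo=<mx.example.org>
"""

# Matches smtpd "<address>: Sender|Recipient address rejected: text; from=<..> to=<..>" lines.
REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<client>\S+)\[(?P<ip>[^\]]+)\]: "
    r"\d{3} \d\.\d+\.\d+ <[^>]*>: (?P<klass>\w+) address rejected: "
    r"(?P<text>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)


def find_misfires(log_text, protected_domain, marker):
    """Return rejects that carry the anti-spoofing reply text (marker) but did not
    come from a sender-address check on an envelope sender in protected_domain."""
    hits = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m or marker not in m["text"]:
            continue  # not a reject produced by the anti-spoofing table
        sender_domain = m["sender"].rpartition("@")[2].lower()
        intended = m["klass"] == "Sender" and sender_domain == protected_domain.lower()
        if not intended:
            hits.append(m.groupdict())
    return hits


if __name__ == "__main__":
    for hit in find_misfires(SAMPLE_LOG, "a1.ind.br", "webmail.a1.ind.br"):
        print(f'{hit["klass"]} check fired for from=<{hit["sender"]}> '
              f'to=<{hit["rcpt"]}> via {hit["client"]}[{hit["ip"]}]')
```
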
