On 08/09/2010 06:34 PM, Stan Hoeppner wrote:
Nicolas Michel put forth on 8/9/2010 9:29 AM:
For example: a host with IP WWW.XXX.YYY.ZZZ tries to send a mail to my
domain (we'll call it mydomain.be) and claims that the sender is
u...@otherdomain.com
Example of forging, typical of spammers:
Return-Path: <coltenarmi...@yahoo.dk>
X-Original-To: XXXXXXXX
Delivered-To: XXXXXXXX
Received: from [59.95.115.27] (unknown [59.95.115.27])
    by XXXXXXXX (Postfix) with ESMTP id A1ABC6C35B
    for <XXXXXXXX>; Mon, 9 Aug 2010 07:52:49 -0500 (CDT)
Received: from [59.95.115.27] by mx1.mail.eu.yahoo.com; Mon, 9 Aug 2010
    18:22:49 +0530
From: "DUSTY MORRISON" <dustymorri...@yahoo.dk>
Note that both the display name and return path are different addresses, but
both claim to be from Yahoo Germany infrastructure. Note that the sending MTA
is within the network of BSNL Internet in New Delhi India.
This is probably very similar to what you're seeing, and what we're all
seeing. 99%+ of all spam is forged, sometimes, as in this case, at multiple
levels. This spammer even went as far as inserting a fake transaction in the
header to make it look like the email went through yahoo.dk servers at one
point, when in fact it did not.
Unfortunately the SMTP protocol does not really allow us to discern forged
email. If it did, spam would never have become the scourge of the internet
that it has.
There is no magic bullet to kill spam. It would probably be beneficial if you
shared your main.cf or 'postconf -n' output with us. We can then suggest
additional configuration settings that will help reject spam.
Do you use Spamassassin or another email content filter?
I'm using MailScanner, which works well, and Postfix is configured to
reject as many bad mails as possible:
relay_recipient_maps =
    proxy:unix:passwd.byname,
    hash:/etc/aliases,
    ldap:/etc/postfix/zimbra-users.cf
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_unknown_hostname,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    permit
I'm looking to improve our mail system and SPF seems to be a good way
to do it. However, if you have some suggestions, I'd be grateful ;)
By the way, I read how to implement SPF checks with
postfix-policyd-spf-perl. But in the howto they __reject__ mails and I
would prefer to manage SPF with MailScanner using scores. Has anyone
already done this?
I have also seen that there is spf-milter-python
=> which one is better? The implementation in Perl or the one in Python?
Thank you,
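
The forged Received line in the header quoted above can be spotted mechanically, because only the hop written by the receiving MTA is trustworthy. The following is an added example, not part of the original message or of any tool named in it; the function names, the `my_mta` parameter and the three checks are assumptions made for illustration.

```python
import re

# Received lines copied from the quoted header above; XXXXXXXX is the page's
# own redaction of the receiving host. Newest hop first, as in a real message.
SAMPLE = """\
Received: from [59.95.115.27] (unknown [59.95.115.27])
\tby XXXXXXXX (Postfix) with ESMTP id A1ABC6C35B
\tfor <XXXXXXXX>; Mon, 9 Aug 2010 07:52:49 -0500 (CDT)
Received: from [59.95.115.27] by mx1.mail.eu.yahoo.com; Mon, 9 Aug 2010
\t18:22:49 +0530
"""

HOP = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\))?"
    r".*?\sby\s+(?P<by>[^\s;]+)", re.S)

def parse_received(raw):
    """Unfold the headers and return one dict per Received hop, newest first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)
    hops = []
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            m = HOP.search(line)
            if m:
                hops.append(m.groupdict())
    return hops

def check_chain(raw, my_mta):
    """Compare the hop our MTA recorded with the sender-supplied hop below it."""
    hops = parse_received(raw)
    findings = []
    if not hops or hops[0]["by"] != my_mta:
        return ["no Received line written by our own MTA; nothing is trusted"]
    trusted = hops[0]
    if trusted["rdns"] == "unknown":
        findings.append(f"client {trusted['ip']} has no verified reverse DNS")
    if len(hops) > 1:
        claimed = hops[1]["by"]  # sender-supplied, unverified
        if trusted["rdns"] != claimed:
            findings.append(f"hop below claims relay {claimed}, but our MTA "
                            f"saw {trusted['rdns']} [{trusted['ip']}]")
        if hops[1]["helo"].strip("[]") == trusted["ip"]:
            findings.append("claimed origin IP is the client that connected to us")
    return findings
```

Legitimate relays sometimes record a "by" name that differs from their reverse DNS, so these findings are better used as score contributions than as grounds for rejection.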