On Mon, Aug 27, 2012 at 06:00:01PM +0200, Ilja Beeskow wrote:
> On 27.08.2012 16:33, Reindl Harald wrote:
> >On 27.08.2012 16:30, Ilja Beeskow wrote:
> >>On 27.08.2012 13:17, Jan Geep wrote:
> >>>[...] until recently people have started
> >>>receiving spam email that appears to be sent from my domain.
> >>>
> >>>      From: myn...@example.com
> >>>      To: myn...@example.com
> >>>      Subject: Fwd: Re: Scan from a Hewlett-Packard ScanJet 1234
> >>>
> >>>But the return path is along the lines of:
> >>>
> >>>      Return-Path: <somen...@spammer.com>
> >>
> >>smtpd_recipient_restrictions = permit_sasl_authenticated, 
> >>permit_mynetworks,..., check_sender_access 
> >>hash:/etc/postfix/not_our_domain_as_sender
> >>
> >>with /etc/postfix/not_our_domain_as_sender
> >>
> >>example.com        REJECT Sorry, sender not permitted!
> >
> >FROM-header is not relevant for the SMTP protocol
> >
> 
> @Harald: Yes, I know! It's rejecting everybody who says he was
> anyb...@example.com during the 'MAIL FROM:' smtp command.

Jan said he wanted to reject mail with From: headers of his domain, 
and that Return-Path: (the envelope sender) was some other address. 
Your check_sender_access lookup will be applied against the envelope 
sender address.

Usually there are better ways to deal with spam. It's impossible to 
identify a certain header that is always (or never) spam. Don't even 
try. Spend your efforts elsewhere.

Jim Seymour's cheatsheet (linked from the third-party HOWTO page at 
www.postfix.org) is a good starting point. Postscreen, with DNSBL 
scoring, is also effective.

> @Jan: Could you please show us a corresponding log file entry?

Chances are very high that the client host was listed in the Zen or 
BRBL DNSBLs. This junk is usually the work of botnets.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
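
An added illustration (not part of the original message, and not Postfix code) of the point above that check_sender_access is applied to the envelope sender, not the From: header. The sample message and its addresses are constructed, and `access_lookup` is a simplified, hypothetical model of the access(5) search order.

```python
from email import message_from_string
from email.utils import parseaddr

# Same entry as the map quoted in the thread.
ACCESS = {"example.com": "REJECT Sorry, sender not permitted!"}

# Constructed sample in the shape the thread describes. Return-Path: records
# the MAIL FROM address (envelope sender); the addresses are made up.
SAMPLE = """\
Return-Path: <someone@spammer.example>
From: user@example.com
To: user@example.com
Subject: Fwd: Re: Scan from a Hewlett-Packard ScanJet 1234

(body)
"""


def access_lookup(address, table):
    """Simplified access(5) search order for an e-mail address:
    user@domain, domain, parent domains, user@. First match wins."""
    if not address:
        return table.get("<>")  # default key for the null sender
    local, _, domain = address.lower().rpartition("@")
    labels = domain.split(".")
    keys = [f"{local}@{domain}"]
    keys += [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(f"{local}@")
    for key in keys:
        if key in table:
            return table[key]
    return None  # no match: the restriction list moves on


def evaluate(raw, table=ACCESS):
    msg = message_from_string(raw)
    envelope = parseaddr(msg["Return-Path"])[1]
    header_from = parseaddr(msg["From"])[1]
    return {
        "envelope_sender": envelope,
        "header_from": header_from,
        # What check_sender_access looks at: the envelope sender only.
        "check_sender_access": access_lookup(envelope, table),
        # Hypothetical: the result if the From: header were the lookup key.
        "if_header_were_key": access_lookup(header_from, table),
    }


if __name__ == "__main__":
    for name, value in evaluate(SAMPLE).items():
        print(f"{name}: {value}")
```

For the sample, the envelope lookup returns no match while the From: address would have hit the REJECT entry, which is why the quoted map does not stop this kind of message.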
