On 2/12/2014 7:53 AM, L. D. James wrote:
> On 02/12/2014 08:02 AM, Wietse Venema wrote:
>> L. D. James:
>>> I have this in the log:
>>> -----------------------------------------
>>> Feb 11 21:42:41 hera5 postfix/smtpd[4802]: connect from
>>> localhost.localdomain[127.0.0.1]
>>> Feb 11 21:42:41 hera5 postfix/smtpd[4802]: 05AAE155460:
>>> client=localhost.localdomain[127.0.0.1]
>> This is a connection from your content filter.
>>
>> You need to look at the logging for connections from remote systems.
>>
>> Wietse
> Hi, Wietse. Actually that isn't a connection from my content
> filter. That is a log of how the remote system answered my helo
> request. The information (as per the topic header) is a lie. It's
> bogus information. The remote system is lying to the request saying
> they are me. It's a very common vulnerability of a standard postfix
> configuration of which there are facilities (i.e. the helo_access)
> routine to handle this vulnerability.
>

You seem to be under the mistaken impression that the above lines
show the HELO command used by the client. That is incorrect; the
above lines show the client FCrDNS hostname and IP, both of which are
very difficult to spoof. All the examples you've shared on this list
are *really from* localhost, and none have shown a spammer using a
HELO of localhost. You may be getting spam with a HELO of localhost;
that's not too uncommon. You just haven't shown any here.

Incidentally, most "localhost" spammers are already blocked by the
zen.spamhaus.org blacklist. I would highly recommend using it if you
aren't already.

> I put the feature in place, and have asked questions about how to
> optimize and configure the feature.
>
> If you look at the thread you'll see that Noel offered input on how
> to use the feature.
>
> I appreciate your taking the time to read the message. But it
> appears that you don't understand the question or the problem. If
> you review "helo_access" it'll start making more sense to you.

Wietse wrote postfix and the docs. One can assume he is familiar with
how it works.

>
> I understand the problem very well and was looking for assistance in
> configuring the "helo_access" feature which addresses the issue.

We're all waiting for you to show evidence that supports your claims.

>
> By the way, I found a working resolution of which I'll update my
> response to Noel after I have consolidated the steps. I want to
> make the solution more clear for others who try to use the feature.

I can hardly wait.

>
> If you took my advice and actually Googled the feature you'll see
> that it's presented many times. However, the actual application
> of it wasn't clear enough to me for it to actually be functional. It
> became clearer after Noel's post.
>
> -- L. James
>

  -- Noel Jones
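
[Added example, not part of the original message or of Postfix: a small Python log check illustrating the distinction discussed above between the client name/IP that smtpd logs and the separately logged helo=<...> value. The function names and all sample lines other than the two quoted in the thread are constructed for illustration.]

```python
import ipaddress
import re

# Constructed sample log (the first two lines mirror the ones quoted in the
# thread; the rest are made up, using documentation-range addresses).
SAMPLE_LOG = """\
Feb 11 21:42:41 hera5 postfix/smtpd[4802]: connect from localhost.localdomain[127.0.0.1]
Feb 11 21:42:41 hera5 postfix/smtpd[4802]: 05AAE155460: client=localhost.localdomain[127.0.0.1]
Feb 11 21:43:10 hera5 postfix/smtpd[4810]: connect from unknown[203.0.113.7]
Feb 11 21:43:11 hera5 postfix/smtpd[4810]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <localhost>: Helo command rejected: Access denied; from=<a@example.com> to=<b@example.net> proto=ESMTP helo=<localhost>
Feb 11 21:44:02 hera5 postfix/smtpd[4815]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.9]: 450 4.1.8 <x@example.invalid>: Sender address rejected: Domain not found; from=<x@example.invalid> to=<b@example.net> proto=ESMTP helo=<mail.example.org>
"""

# Client identity as smtpd logs it: DNS-derived name plus [IP address].
CLIENT_RE = re.compile(
    r"(?:connect from |client=|reject: \w+ from )(?P<name>[^\s\[]+)\[(?P<ip>[^\]]+)\]")
# The HELO argument is logged separately, as helo=<...>, e.g. on reject lines.
HELO_RE = re.compile(r"\bhelo=<(?P<helo>[^>]*)>")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_line(line):
    """Return (client_name, client_ip, helo) or None; helo is None if not logged."""
    client = CLIENT_RE.search(line)
    if not client:
        return None
    helo = HELO_RE.search(line)
    return client["name"], client["ip"], helo["helo"] if helo else None


def is_loopback(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:  # Postfix can log "unknown" for the address
        return False


def remote_clients_claiming_localhost(log):
    """List (client_ip, helo) where a non-loopback client sent a local HELO name."""
    hits = []
    for line in log.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[2] is not None:
            _, ip, helo = parsed
            if helo.lower() in LOCAL_NAMES and not is_loopback(ip):
                hits.append((ip, helo))
    return hits


if __name__ == "__main__":
    for ip, helo in remote_clients_claiming_localhost(SAMPLE_LOG):
        print(f"{ip} sent HELO {helo}")
```

[The two lines quoted in the thread parse as a loopback client with no HELO value logged, so they are not flagged; only the constructed 203.0.113.7 line is.]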