Hi Everybody,

I was trying to use check_sender_access as suggested here in the forum to avoid this type of spam. But it is not working. check_sender_access works more like a blacklist and the spammers are ready for that.

Check this message below:

First the maillog:
Aug  7 17:40:19 hubble cbpolicyd[20640]: module=Greylisting, action=pass, host=81.45.22.109, helo=109.Red-81-45-22.staticIP.rima-tde.net, from=www-d...@109.red-81-45-22.staticip.rima-tde.net, to=webmas...@iqm.unicamp.br, reason=authenticated
Aug  7 17:40:19 hubble postfix/smtpd[21446]: 7319F143C27: client=109.Red-81-45-22.staticIP.rima-tde.net[81.45.22.109]
Aug  7 17:40:19 hubble postfix/cleanup[21233]: 7319F143C27: message-id=<20140807202603.b31032...@109.red-81-45-22.staticip.rima-tde.net>
Aug  7 17:40:19 hubble postfix/qmgr[21657]: 7319F143C27: from=<www-d...@109.red-81-45-22.staticip.rima-tde.net>, size=2838, nrcpt=1 (queue active)
Aug  7 17:40:19 hubble postfix/smtpd[21446]: disconnect from 109.Red-81-45-22.staticIP.rima-tde.net[81.45.22.109]
Aug  7 17:40:19 hubble postfix/smtpd[20751]: connect from localhost[127.0.0.1]
Aug  7 17:40:19 hubble postfix/smtpd[20751]: EB443143C3C: client=localhost[127.0.0.1]
Aug  7 17:40:20 hubble postfix/cleanup[21534]: EB443143C3C: message-id=<20140807202603.b31032...@109.red-81-45-22.staticip.rima-tde.net>
Aug  7 17:40:20 hubble postfix/qmgr[21657]: EB443143C3C: from=<www-d...@109.red-81-45-22.staticip.rima-tde.net>, size=3315, nrcpt=1 (queue active)
Aug  7 17:40:20 hubble amavis[21479]: (21479-01) loaded policy bank "MYNETS"
Aug  7 17:40:20 hubble amavis[21479]: (21479-01) ESMTP::10024 /var/spool/amavisd/tmp/amavis-20140807T174020-21479-yVTh_Crs: <www-d...@109.red-81-45-22.staticip.rima-tde.net> -> <webmas...@iqm.unicamp.br> SIZE=3315 Received: from mail.iqm.unicamp.br ([127.0.0.1]) by localhost (hubble.iqm.unicamp.br [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <webmas...@iqm.unicamp.br>; Thu, 7 Aug 2014 17:40:20 -0300 (BRT)
Aug  7 17:40:20 hubble postfix/smtpd[20751]: disconnect from localhost[127.0.0.1]
Aug  7 17:40:20 hubble postfix/lmtp[20103]: 7319F143C27: to=<webmas...@iqm.unicamp.br>, relay=mail.iqm.unicamp.br[/var/run/dspam/dspam.sock], delay=1.3, delays=0.97/0/0/0.31, dsn=2.6.0, status=sent (250 2.6.0 <webmas...@iqm.unicamp.br> Message accepted for delivery)
Aug  7 17:40:20 hubble postfix/qmgr[21657]: 7319F143C27: removed


Notice that the message was sent as from=www-d...@109.red-81-45-22.staticip.rima-tde.net to=webmas...@iqm.unicamp.br


When I received the message the header inside the e-mail message contains:

Return-Path: <www-d...@109.red-81-45-22.staticip.rima-tde.net>
Delivered-To: <andre.p...@iqm.unicamp.br>
Received: from mail.iqm.unicamp.br ([143.106.51.19])
        by kepler.iqm.unicamp.br (Dovecot) with LMTP id QB7kFa6P41PyTwAAV0VrhQ
        for <andre.p...@iqm.unicamp.br>; Thu, 07 Aug 2014 17:40:24 -0300
Received: from localhost (localhost [127.0.0.1])
        by mail.iqm.unicamp.br (Postfix) with ESMTP id 501F51449AD
        for <webmas...@iqm.unicamp.br>; Thu,  7 Aug 2014 17:40:24 -0300 (BRT)
Received: from mail.iqm.unicamp.br ([127.0.0.1])
        by localhost (hubble.iqm.unicamp.br [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id fmX2GScyk8hw for <webmas...@iqm.unicamp.br>;
        Thu,  7 Aug 2014 17:40:20 -0300 (BRT)
Received: from localhost (localhost [127.0.0.1])
        by mail.iqm.unicamp.br (Postfix) with SMTP id EB443143C3C
        for <webmas...@iqm.unicamp.br>; Thu,  7 Aug 2014 17:40:19 -0300 (BRT)
Received: from 109.Red-81-45-22.staticIP.rima-tde.net (109.Red-81-45-22.staticIP.rima-tde.net [81.45.22.109])
        by mail.iqm.unicamp.br (Postfix) with ESMTP id 7319F143C27
        for <webmas...@iqm.unicamp.br>; Thu,  7 Aug 2014 17:40:18 -0300 (BRT)
Received: by 109.Red-81-45-22.staticIP.rima-tde.net (Postfix, from userid 33)
        id B31032836; Thu,  7 Aug 2014 20:26:03 +0000 (UTC)
To: webmas...@iqm.unicamp.br
Subject:   CRUZ ALTA LTDA
X-PHP-Originating-Script: 0:mag.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
X-Mailer: Microsoft Office Outlook, Build 17.551210
From: webmas...@iqm.unicamp.br
Message-Id: <20140807202603.b31032...@109.red-81-45-22.staticip.rima-tde.net>
Date: Thu,  7 Aug 2014 20:26:03 +0000 (UTC)

Inside the message, the FROM contains webmaster@mydomain...
Is there a way to create rules like check_sender_access but based on the header inside the mail message instead of the server connection? I cannot block messages with SPF, because here we have a lot of false positives.

Thanks
