I'm getting spam leaking through from sites with non-resolving IP or invalid DNS, sending mail to myself as me. Here's an example:

Jul 12 08:03:52 minbar postfix/smtpd[17824]: warning: hostname static.vnpt.vn does not resolve to address 14.167.212.244
Jul 12 08:03:52 minbar postfix/smtpd[17824]: connect from unknown[14.167.212.244]
Jul 12 08:03:53 minbar postfix/smtpd[17824]: 4F5D74037FB5B: client=unknown[14.167.212.244]
Jul 12 08:03:53 minbar postfix/cleanup[17827]: 4F5D74037FB5B: message-id=<003601d1dc70$06d04a92$13f689a9@dveov>
Jul 12 08:03:53 minbar opendkim[4236]: 4F5D74037FB5B: external host [14.167.212.244] attempted to send as caerllewys.net
Jul 12 08:03:53 minbar postfix/qmgr[15588]: 4F5D74037FB5B: from=<ph...@caerllewys.net>, size=2201, nrcpt=1 (queue active)
Jul 12 08:03:54 minbar postfix/pickup[16696]: 018314037FB5D: uid=1666 from=<ph...@caerllewys.net>
Jul 12 08:03:54 minbar postfix/cleanup[17827]: 018314037FB5D: message-id=<003601d1dc70$06d04a92$13f689a9@dveov>
Jul 12 08:03:54 minbar postfix/pipe[17828]: 4F5D74037FB5B: to=<ph...@caerllewys.net>, relay=dspam, delay=0.69, delays=0.66/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dspam service)
Jul 12 08:03:54 minbar postfix/qmgr[15588]: 4F5D74037FB5B: removed
Jul 12 08:03:54 minbar opendkim[4236]: 018314037FB5D: DKIM-Signature field added (s=dkim, d=caerllewys.net)
Jul 12 08:03:54 minbar postfix/qmgr[15588]: 018314037FB5D: from=<ph...@caerllewys.net>, size=2321, nrcpt=1 (queue active)
Jul 12 08:03:54 minbar postfix/local[17843]: 018314037FB5D: to=<ph...@caerllewys.net>, relay=local, delay=0.05, delays=0.04/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Jul 12 08:03:54 minbar postfix/qmgr[15588]: 018314037FB5D: removed
Jul 12 08:03:54 minbar postfix/smtpd[17824]: disconnect from unknown[14.167.212.244] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5

I have the following helo and sender restrictions in place:

smtpd_helo_restrictions =
        reject_invalid_hostname
        reject_unknown_sender_domain
        reject_non_fqdn_sender
        reject_unknown_reverse_client_hostname
smtpd_sender_restrictions =
        permit_mynetworks
        reject_invalid_hostname
        reject_unknown_sender_domain
        reject_non_fqdn_sender

OpenDKIM is picking up that 14.167.212.244 is falsely trying to send mail as caerllewys.net, but Postfix is letting it happen. I just added a pcre restriction to smtpd_helo_restrictions to refuse any host trying to HELO as 'caerllewys.net', though I haven't had time yet to see whether it works, but surely there should be some straightforward directive to tell Postfix not to allow a site outside of $mynetworks to send me mail using my own email address as sender. Am I missing something that should be obvious?

--
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: 603.293.8485
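
Added example, not part of the original post: a log check that pairs the opendkim "external host ... attempted to send as" warning with a later status=sent line for the same queue ID, which is the leak visible in the excerpt above. The sample lines, the example.net domain, and the names SAMPLE_LOG and spoofed_deliveries are constructed for illustration.

```python
import re

# Constructed sample lines in the same syslog shape as the excerpt above
# (documentation addresses and domains, not values from the post).
SAMPLE_LOG = """\
Jul 12 08:03:53 mx postfix/smtpd[101]: 4F5D7A: client=unknown[203.0.113.7]
Jul 12 08:03:53 mx opendkim[55]: 4F5D7A: external host [203.0.113.7] attempted to send as example.net
Jul 12 08:03:53 mx postfix/qmgr[77]: 4F5D7A: from=<user@example.net>, size=2201, nrcpt=1 (queue active)
Jul 12 08:03:54 mx postfix/pipe[88]: 4F5D7A: to=<user@example.net>, relay=dspam, delay=0.69, dsn=2.0.0, status=sent (delivered via dspam service)
Jul 12 08:04:10 mx opendkim[55]: 9A1B2C: external host [203.0.113.9] attempted to send as example.net
Jul 12 08:04:10 mx postfix/cleanup[90]: 9A1B2C: milter-reject: END-OF-MESSAGE from unknown[203.0.113.9]: 5.7.1 rejected
Jul 12 08:05:00 mx postfix/smtpd[101]: 7C3D4E: client=mail.example.org[198.51.100.4]
Jul 12 08:05:01 mx postfix/local[93]: 7C3D4E: to=<user@example.net>, relay=local, dsn=2.0.0, status=sent (delivered to mailbox)
"""

# opendkim warning: an outside client used one of our domains as sender.
SPOOF = re.compile(
    r"opendkim\[\d+\]: ([0-9A-Za-z]+): external host \[([^\]]+)\] attempted to send as (\S+)")
# Any Postfix delivery agent reporting a successful hand-off for a queue ID.
SENT = re.compile(
    r"postfix/\w+\[\d+\]: ([0-9A-Za-z]+): to=<([^>]*)>.*\bstatus=sent\b")


def spoofed_deliveries(log_text, local_domains):
    """Return messages flagged by opendkim as outside-origin mail claiming a
    local domain that were nevertheless delivered (status=sent)."""
    local = {d.lower() for d in local_domains}
    flagged = {}  # queue id -> (client address, claimed domain)
    hits = []
    for line in log_text.splitlines():
        m = SPOOF.search(line)
        if m:
            if m.group(3).lower() in local:
                flagged[m.group(1)] = (m.group(2), m.group(3).lower())
            continue
        m = SENT.search(line)
        if m and m.group(1) in flagged:
            client, domain = flagged[m.group(1)]
            hits.append({"queue_id": m.group(1), "client": client,
                         "domain": domain, "rcpt": m.group(2)})
    return hits


if __name__ == "__main__":
    for hit in spoofed_deliveries(SAMPLE_LOG, {"example.net"}):
        print(hit)
```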