blocking phishing MAIL FROM sender name
Hi!

I'm having problems blocking phishing email with this kind of header:

From: "h...@mydomain.com ".

I want to configure Postfix to allow "mydomain.com" email only for certain IPs.

I added these IPs to the smtpd_client_restrictions whitelist and added mydomain.com REJECT to smtpd_sender_restrictions.

This works when the sender name and sender address are the same in the From header, but not with the previous example.

I tried to fix this by adding restrictions with "header_checks", but header_checks is applied after the whitelist and always applies.

I have no way (or I don't know one) to "whitelist IP" over header_checks.

Is there any mistake in my configuration? Is the only way to build a custom filter to check domain and IP to reject it?

Thank you!
Re: blocking phishing MAIL FROM sender name
Víctor Rubiella Monfort:
> Hi!
>
> I'm having problems blocking phishing email with this kind of header:
>
> From: "h...@mydomain.com ".

This could be done with header_checks, but I think that you have some quote in the wrong place so I won't give a specific solution.

> I want to configure Postfix to allow "mydomain.com" email only for
> certain IPs.

That would require a content filter - header_checks applies only to headers, and smtpd_xxx_restrictions applies only to SMTP events.

The Postfix built-in features are not designed for complex policies (if the client IP address is not X, then block messages that match header pattern Y). An external content filter is better for doing such things.

I expect that SpamAssassin and the like will easily block such abuse.

Wietse
Re: blocking phishing MAIL FROM sender name
On Mon, Nov 07, 2022 at 04:21:08PM +0100, Víctor Rubiella Monfort wrote:

> I'm having problems blocking phishing email with this kind of header:
>
> From: h...@mydomain.com

I removed the extraneous quotes, the address was almost certainly as shown above.

Note that the "h...@mydomain.com" portion is not an email address! It is rather a "display name", and preventing forgery of "display names" is best done in the MUA, by always displaying the full address.

If you want to strictly enforce some policy on display names, you'll need a milter that can carefully parse addresses in message headers, and then look for "phishy" display name forms. There is no built-in feature in Postfix for this sort of thing.

--
    Viktor.
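The policy the two replies describe (if the client IP is not trusted, reject a From: header that uses the protected domain in its address or its display name), written as the decision function a content filter or milter could call. This is an added example, not part of the thread or of Postfix; it assumes the caller supplies the client IP and the raw From: value, and `TRUSTED_NETS`, the sample addresses and the function names are hypothetical.

```python
import ipaddress
import re
from email.policy import default as mail_policy

PROTECTED = "mydomain.com"                             # domain from the thread
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed allowlist (TEST-NET-1)
ADDR_LIKE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def in_protected(domain):
    # Assumption: subdomains of the protected domain are covered too.
    d = domain.lower()
    return d == PROTECTED or d.endswith("." + PROTECTED)

def check_from(client_ip, from_value):
    """Return (action, reason) for one From: header value."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return ("accept", "trusted client")
    # Unfold, then let the stdlib parser separate display name from address
    # and decode RFC 2047 encoded-words, which a regex on the raw header misses.
    hdr = mail_policy.header_factory("From", "".join(from_value.splitlines()))
    for addr in hdr.addresses:
        if in_protected(addr.domain):
            return ("reject", "address in protected domain")
        for m in ADDR_LIKE.finditer(addr.display_name):
            if in_protected(m.group(1)):
                return ("reject", "display name imitates protected domain")
    # Malformed headers (e.g. an unquoted "@" in the display name) may not
    # split cleanly, so also scan the decoded header text as a whole.
    if hdr.defects and any(in_protected(m.group(1))
                           for m in ADDR_LIKE.finditer(str(hdr))):
        return ("reject", "malformed header mentions protected domain")
    return ("accept", "no match")
```
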