Blocking emails that claim to come from our domain
Erick Perez
eaperezh at GMAIL.COM
Wed Dec 7 16:23:05 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
isnt this supposed to work?
smtpd_client_restrictions = permit_mynetworks, check_client_access
hash:/etc/postfix/mydomain_rules, warn_if_reject
smtpd_helo_restrictions = permit_mynetworks, check_client_access
hash:/etc/postfix/mydomain_rules, warn_if_reject
however in the logs:
Dec 7 11:19:14 mail postfix/smtpd[15886]: 5A89575854F:
client=fpacifico.com[numericlinkwarning 201.226.94.250]
Dec 7 11:19:19 mail postfix/cleanup[15932]: 5A89575854F: hold: header
Received: from erick (fpacifico.com [numericlinkwarning
201.226.94.250])??by mail.flyairpanama.com (mail.flyairpanama.com) with
SMTP id 5A89575854F??for <eaperezh at flyairpanama.com>; Wed, 7 Dec 2005
11:19:04 -0500 (EST) from fpacifico.com[numericlinkwarning
201.226.94.250]; from=<eaperezh at flyairpanama.com>
to=<eaperezh at flyairpanama.com> proto=SMTP helo=<erick>
Dec 7 11:19:23 mail postfix/virtual[15909]: C157E758570:
to=<eaperezh at flyairpanama.com>, relay=virtual, delay=19, status=sent
(delivered to mailbox)
my mydomain_rules:
flyairpanama.com REJECT Rejected. You are not me.
On 12/7/05, Glenn Steen <glenn.steen at gmail.com> wrote:
On 07/12/05, Erick Perez <eaperezh at gmail.com> wrote:
> what about MS and postfix?
> where do i implement that?
>
I'm at home on sick-leave (hopfully, just today....), so this
is
entirely from memory (and that is a bit flaky at best:-)...
As said, I apply a restriktion on helo and on senders so this
might
look something like (in main.cf "#" inserted to show where
the lines
are (wrapping))
#
smtpd_helo_restrictions = permit_mynetworks,
reject_invalid_hostname,
reject_non_fqdn_hostname, check_helo_access
hash:/path/to/access_map/file
#
smtpd_helo_restrictions =
permit_mynetworks, check_sender_access
hash:/path/to/access_map/file
#
And in the map file, you have a line rejecting your own
domain... something like
yourdomain.tld REJECT You are not me...
Then couple that with the recipient maps check (for valid
recipients),
and then you can only receive mail from non-spoofing senders
to valid
recipients (that part is described well in the MailScanner
wiki). You
can, of course, couple these restrictions with any
restrictions you
feel are necessary ("man 5 postconf" is a good place to see
exactly
what settings you have available)
.... Or did I missunderstand your question?
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
------------------------ MailScanner list
------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and
the archives (
http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the
website!
--
-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/ (Get counted!!!)
Panama, Republic of Panama
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list