Blocking emails that claim to come from our domain
Chris Hammond
chris at TAC.ESI.NET
Wed Dec 7 16:27:54 GMT 2005
Add this line to your main.cf
check_helo_access hash:/etc/postfix/helo_checks
Add this to /etc/postfix as helo_checks and edit to your specifics and postmap the file.
# This file has to be "compiled" with "postmap"
# Reject anybody that HELO's as being in our own domain(s)
# (Note that if you followed the order suggested in the main.cf
# examples, above, that machines in mynetworks will be okay.)
your.domain.com REJECT Internal domain being spoofed.
# Somebody HELO'ing with our IP address?
xxx.xxx.xxx.xxx REJECT You are not xxx.xxx.xxx.xxx
# Somebody HELO'ing as "localhost?" Impossible, we're "localhost"
localhost REJECT You are not localhost
Chris
>>> eaperezh at GMAIL.COM 12/07/05 11:23 am >>>
isnt this supposed to work?
smtpd_client_restrictions = permit_mynetworks, check_client_access
hash:/etc/postfix/mydomain_rules, warn_if_reject
smtpd_helo_restrictions = permit_mynetworks, check_client_access
hash:/etc/postfix/mydomain_rules, warn_if_reject
however in the logs:
Dec 7 11:19:14 mail postfix/smtpd[15886]: 5A89575854F: client=fpacifico.com
[201.226.94.250]
Dec 7 11:19:19 mail postfix/cleanup[15932]: 5A89575854F: hold: header
Received: from erick (fpacifico.com [201.226.94.250])??by
mail.flyairpanama.com (mail.flyairpanama.com) with SMTP id 5A89575854F??for
<eaperezh at flyairpanama.com>; Wed, 7 Dec 2005 11:19:04 - 0500 (EST) from
fpacifico.com[201.226.94.250]; from=<eaperezh at flyairpanama.com> to=<
eaperezh at flyairpanama.com> proto=SMTP helo=<erick>
Dec 7 11:19:23 mail postfix/virtual[15909]: C157E758570: to=<
eaperezh at flyairpanama.com>, relay=virtual, delay=19, status=sent (delivered
to mailbox)
my mydomain_rules:
flyairpanama.com REJECT Rejected. You are not me.
On 12/7/05, Glenn Steen <glenn.steen at gmail.com> wrote:
>
> On 07/12/05, Erick Perez <eaperezh at gmail.com> wrote:
> > what about MS and postfix?
> > where do i implement that?
> >
> I'm at home on sick- leave (hopfully, just today....), so this is
> entirely from memory (and that is a bit flaky at best:- )...
> As said, I apply a restriktion on helo and on senders so this might
> look something like (in main.cf "#" inserted to show where the lines
> are (wrapping))
> #
> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
> reject_non_fqdn_hostname, check_helo_access
> hash:/path/to/access_map/file
> #
> smtpd_helo_restrictions = permit_mynetworks, check_sender_access
> hash:/path/to/access_map/file
> #
> And in the map file, you have a line rejecting your own domain...
> something like
> yourdomain.tld REJECT You are not me...
>
> Then couple that with the recipient maps check (for valid recipients),
> and then you can only receive mail from non- spoofing senders to valid
> recipients (that part is described well in the MailScanner wiki). You
> can, of course, couple these restrictions with any restrictions you
> feel are necessary ("man 5 postconf" is a good place to see exactly
> what settings you have available)
>
> .... Or did I missunderstand your question?
>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
--
-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/ (Get counted!!!)
Panama, Republic of Panama
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list