Blocking emails that claim to come from our domain

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Wed Dec 7 21:22:55 GMT 2005



Erick Perez wrote:

> it worked now.
> reject invalids helo
> but does not reject if the mail from: comes from a user at domain
>
> example:
>
> Dec  7 15:54:36 mail postfix/smtpd[23352]: 4F39275854F:
> client=unknown[200.46.223.90]
> Dec  7 15:54:42 mail postfix/cleanup[23355]: 4F39275854F: hold: header
> Received: from testing (unknown [200.46.223.90])??by mail.flyairpanama.com
> (mail.flyairpanama.com) with SMTP id 4F39275854F??for
> <eaperezh at flyairpanama.com>; Wed,  7 Dec 2005 15:54:26 -0500 (EST)
> from unknown[200.46.223.90]; from=<eaperezh at flyairpanama.com>
> to=<eaperezh at flyairpanama.com> proto=SMTP helo=<testing>
> Dec  7 15:54:45 mail postfix/virtual[23364]: C600B75855E:
> to=<eaperezh at flyairpanama.com>,
> relay=virtual, delay=19, status=sent (delivered to mailbox)
>
> this was a
> helo testing
> mail from: eaperezh at flyairpanama dot com
> rcpt to: eaperezh at flyairpanama dot com
>
> all being done from an untrusted network.
>
>
> On 12/7/05, *Glenn Steen* <glenn.steen at gmail.com> wrote:
>
>     On 07/12/05, Erick Perez <eaperezh at gmail.com> wrote:
>     > isn't this supposed to work?
>     >
>     >  smtpd_client_restrictions = permit_mynetworks, check_client_access
>     > hash:/etc/postfix/mydomain_rules, warn_if_reject
>     >  smtpd_helo_restrictions = permit_mynetworks, check_client_access
>     > hash:/etc/postfix/mydomain_rules, warn_if_reject
>     >
>     >  however in the logs:
>     >
>     >  Dec  7 11:19:14 mail postfix/smtpd[15886]: 5A89575854F:
>     > client=fpacifico.com[201.226.94.250]
>     >  Dec  7 11:19:19 mail postfix/cleanup[15932]: 5A89575854F: hold: header
>     > Received: from erick (fpacifico.com [201.226.94.250])??by
>     > mail.flyairpanama.com (mail.flyairpanama.com) with SMTP id 5A89575854F??for
>     > <eaperezh at flyairpanama.com>; Wed,  7 Dec 2005 11:19:04 -0500 (EST) from
>     > fpacifico.com[201.226.94.250];
>     > from=<eaperezh at flyairpanama.com>
>     > to=<eaperezh at flyairpanama.com> proto=SMTP helo=<erick>
>     >  Dec  7 11:19:23 mail postfix/virtual[15909]: C157E758570:
>     > to=<eaperezh at flyairpanama.com>, relay=virtual, delay=19, status=sent
>     > (delivered to mailbox)
>     >
>     >  my mydomain_rules:
>     >  flyairpanama.com REJECT Rejected. You are not me.
>     >
>     >
>     Hm, I suppose you'll be fine "baking them all together" like that....
>     Don't know why you have double check_client_access entries though....
>     Perhaps one was supposed to be a check_sender_access?
>     And you postmapped the file? And didn't use a trusted client to test
>     (this needs to be from a host outside of $mynetworks)?
>
>
Erick,

Maybe you could use http://smtpd.develooper.com/ ?

They seem to have plugins for many things.

Haven't tried it!

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045
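
Added example, not part of the original thread and not any poster's configuration: the posted restrictions next to a form that matches the envelope sender, following the check_sender_access hint quoted above. The table path and REJECT text are taken from the thread; the use of SASL for remote users is an assumption.

```ini
# /etc/postfix/main.cf (added example, not from the thread)

# As posted. check_client_access looks up the connecting client's
# hostname and IP address, so a table keyed on flyairpanama.com is never
# consulted with the MAIL FROM address. In the logged test the client is
# unknown[200.46.223.90], so nothing matches and the mail is accepted.
# The trailing warn_if_reject does nothing: it only changes the
# restriction that follows it.
#smtpd_client_restrictions = permit_mynetworks, check_client_access
#    hash:/etc/postfix/mydomain_rules, warn_if_reject

# Corrected. check_sender_access looks up the envelope sender (full
# address, then its domain) in the same table. permit_mynetworks comes
# first so hosts inside $mynetworks can still send as the domain.
# Assumption: remote users submit mail with SMTP AUTH; remove
# permit_sasl_authenticated if SASL is not configured.
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/mydomain_rules

# Log-only trial of the same rule: warn_if_reject goes BEFORE the
# restriction it softens.
#smtpd_sender_restrictions =
#    permit_mynetworks,
#    permit_sasl_authenticated,
#    warn_if_reject check_sender_access hash:/etc/postfix/mydomain_rules

# /etc/postfix/mydomain_rules (unchanged from the thread):
#   flyairpanama.com    REJECT Rejected. You are not me.
# After editing the table or main.cf:
#   postmap /etc/postfix/mydomain_rules
#   postfix reload
```

This rule also refuses any outside service that legitimately uses the domain as its envelope sender, so the log-only variant is worth running first to see what would be rejected.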
