[NCLUG] Spam Help

Ben West mrgenixus at gmail.com
Wed Dec 3 09:44:17 MST 2008


Could the headers be forged?

On Wed, Dec 3, 2008 at 9:10 AM, Neil Neely <neil at neely.cx> wrote:

> I'm assuming the 'reject_non,fqdn_sender' is a typo, but I'm not
> immediately seeing any reason for this problem - can you run "postconf |
> grep restrict" and send it to the list?  It seems possible you've got
> another restriction set that's authorizing them to get through regardless of
> the sender check.  Possibly something where you are returning "OK" from a
> check instead of "DUNNO".
>
>
> Neil Neely
> http://neil-neely.blogspot.com
>
>
>
>
>
> On Dec 3, 2008, at 8:40 AM, Chris Funk wrote:
>
>> Hi All,
>>
>> I am having a horrible time with spam that has a Mail From address of my
>> users.  i.e.  the email appears to come from their own address.  In the
>> header the From address is their own, but the return to address is something
>> else, not in our domain.  Here is an example.
>>
>> Received: from adsl-84-226-68-102.adslplus.ch (adsl-84-226-68-102.adslplus.ch [84.226.68.102])
>>       by mail.us-reports.com (Postfix) with SMTP id EBF9E16C0F1
>>       for <chris at us-reports.com>; Wed,  3 Dec 2008 06:16:28 -0700 (MST)
>> To: <chris at us-reports.com>
>> Subject: Your Order
>> From: <chris at us-reports.com>
>> MIME-Version: 1.0
>> Importance: High
>> Content-Type: text/html
>> Message-ID: <20081203131632.EBF9E16C0F1 at mail.us-reports.com>
>> Date: Wed, 3 Dec 2008 06:16:28 -0700
>> Return-Path: omga at amb.es
>>
>> Here is my smtpd_sender_restrictions line from main.cf
>> Smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,
>> check_sender_access hash:/etc/postfix/sender_access, reject_non,fqdn_sender,
>> reject_unknown_sender_domain
>>
>> My sender_access file is:
>> us-reports.com  REJECT  NO SPAMMING
>> My.ip.add.res   REJECT  NO SPAMMING
>>
>> When I telnet in and try to do a
>> HELO junk.com
>> MAIL FROM:chris at us-reports.com
>> RCPT TO:chris at us-reports.com
>>
>> It stops me with "Sender address rejected: NO SPAMMING"
>>
>> Any idea how the spammers are getting around this?  I can send my entire
>> main.cf file if that will help.
>>
>> Thanks
>> Chris



-- 
/ˈmɪstər/ /ˈdʒɛnəsɪs/@/dʒi/ /meɪl/ /dɒt/ /kɒm/
Benjamin West
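
Added example, not part of the original thread: a Python sketch of why a sender map like the one quoted above can return no match for this kind of mail. It assumes check_sender_access is consulted with the envelope MAIL FROM address (recorded as Return-Path on delivery) and not with the From: header; the message, addresses and map entry are constructed placeholders modelled on the quoted headers.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the thread.
# example.com stands in for the local domain; all addresses are placeholders.
RAW = """\
Return-Path: <bounce@spammer.example>
Received: from host.isp.example (host.isp.example [192.0.2.10])
\tby mail.example.com (Postfix) with SMTP id ABC123
\tfor <chris@example.com>; Wed, 3 Dec 2008 06:16:28 -0700 (MST)
To: <chris@example.com>
Subject: Your Order
From: <chris@example.com>

body
"""

# Same idea as the sender_access map in the thread: local domain -> REJECT.
SENDER_ACCESS = {"example.com": "REJECT NO SPAMMING"}


def domain(addr):
    """Lower-cased domain part of an address such as '<user@host>'."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def sender_access_verdict(envelope_sender):
    """Model of the map lookup: it only ever sees the MAIL FROM address."""
    return SENDER_ACCESS.get(domain(envelope_sender), "DUNNO")


def analyze(raw, local_domains):
    """Compare the envelope sender with the From: header of one message."""
    msg = message_from_string(raw)
    envelope = msg["Return-Path"]  # written at delivery from the MAIL FROM value
    header_from = msg["From"]      # chosen freely by whoever composed the message
    return {
        "envelope_domain": domain(envelope),
        "header_from_domain": domain(header_from),
        "sender_access": sender_access_verdict(envelope),
        "header_from_spoofs_local": domain(header_from) in local_domains
        and domain(envelope) not in local_domains,
    }


if __name__ == "__main__":
    for key, value in analyze(RAW, {"example.com"}).items():
        print(f"{key}: {value}")
```

In Postfix, matching on the From: header itself is done with a separate mechanism such as header_checks or a content filter, not with the sender restrictions.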

