[NCLUG] Spam Help

Neil Neely neil at neely.cx
Wed Dec 3 10:18:45 MST 2008


A cup of coffee later and I see I overlooked the obvious in my  
original reply - thanks for catching that :)

Definitely a case of testing the envelope and not the header.

What the OP needs is header_checks in the mix (to accomplish what he  
specifically is asking for - there are many anti-uce strategies as  
well):
http://www.postfix.org/uce.html

To test your rule:

telnet your.ip.here 25

MAIL FROM: randomaddr at aol.com
RCPT TO: chris at us-reports.com
DATA
From: chris at us-reports.com
To: chris at us-reports.com
Subject: test

test
.


This will test what you are intending to test.



Neil Neely
http://neil-neely.blogspot.com
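
The header_checks approach described above, as an added example that is not part of the original message or of the Postfix documentation. It uses the us-reports.com domain from the thread; the file path /etc/postfix/header_checks and the assumption that the site's own users submit mail on port 587 with SASL are illustrative.

```conf
# --- /etc/postfix/main.cf ---
# smtpd_sender_restrictions / check_sender_access only see the envelope
# sender (MAIL FROM). To look at the From: header, add a header_checks
# table (path is an assumption):
header_checks = regexp:/etc/postfix/header_checks

# --- /etc/postfix/header_checks ---
# Each rule is matched against one logical header line, case-insensitively.
# The trailing group stops the match at the end of the domain, so a longer
# domain that merely begins with "us-reports.com." is not caught.
# Start with WARN (logs the match, still delivers), then switch to REJECT
# once the log shows only unwanted mail.
/^From:.*@us-reports\.com([^.a-z0-9-]|$)/    WARN From: header claims local domain
#/^From:.*@us-reports\.com([^.a-z0-9-]|$)/   REJECT From: header claims local domain

# --- /etc/postfix/master.cf ---
# header_checks is applied by cleanup(8) to all incoming mail, including
# mail sent by your own users. Assumption: they submit on port 587 with
# SASL authentication, so that service can skip header/body checks.
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o receive_override_options=no_header_body_checks
```

Legitimate mail can also arrive from outside with a local From: header, for example a mailing list sending a user's own post back to them, which is why the rule starts as WARN. Regexp tables need no postmap; run "postfix reload" after editing.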




On Dec 3, 2008, at 9:44 AM, Ben West wrote:

> could the headers be forged?
>
> On Wed, Dec 3, 2008 at 9:10 AM, Neil Neely <neil at neely.cx> wrote:
>
>> I'm assuming the 'reject_non,fqdn_sender' is a typo, but I'm not
>> immediately seeing any reason for this problem - can you run
>> "postconf | grep restrict" and send it to the list?  It seems possible
>> you've got another restriction set that's authorizing them to get
>> through regardless of the sender check.  Possibly something where you
>> are returning "OK" from a check instead of "DUNNO".
>>
>>
>> Neil Neely
>> http://neil-neely.blogspot.com
>>
>>
>>
>>
>>
>> On Dec 3, 2008, at 8:40 AM, Chris Funk wrote:
>>
>>> Hi All,
>>>
>>> I am having a horrible time with spam that has a Mail From address of my
>>> users, i.e. the email appears to come from their own address.  In the
>>> header the From address is their own, but the return to address is
>>> something else, not in our domain.  Here is an example.
>>>
>>> Received: from adsl-84-226-68-102.adslplus.ch (adsl-84-226-68-102.adslplus.ch [84.226.68.102])
>>>      by mail.us-reports.com (Postfix) with SMTP id EBF9E16C0F1
>>>      for <chris at us-reports.com>; Wed,  3 Dec 2008 06:16:28 -0700 (MST)
>>> To: <chris at us-reports.com>
>>> Subject: Your Order
>>> From: <chris at us-reports.com>
>>> MIME-Version: 1.0
>>> Importance: High
>>> Content-Type: text/html
>>> Message-ID: <20081203131632.EBF9E16C0F1 at mail.us-reports.com>
>>> Date: Wed, 3 Dec 2008 06:16:28 -0700
>>> Return-Path: omga at amb.es
>>>
>>> Here is my smtpd_sender_restrictions line from main.cf
>>> Smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,
>>>     check_sender_access hash:/etc/postfix/sender_access, reject_non,fqdn_sender,
>>>     reject_unknown_sender_domain
>>>
>>> My sender_access file is:
>>> us-reports.com  REJECT  NO SPAMMING
>>> My.ip.add.res   REJECT  NO SPAMMING
>>>
>>> When I telnet in and try to do a
>>> HELO junk.com
>>> MAIL FROM:chris at us-reports.com
>>> RCPT TO:chris at us-reports.com
>>>
>>> It stops me with "Sender address rejected: NO SPAMMING"
>>>
>>> Any idea how the spammers are getting around this?  I can send my
>>> entire main.cf file if that will help.
>>>
>>> Thanks
>>> Chris
>
> -- 
> /ˈmɪstər/ /ˈdʒɛnəsɪs/@/dʒi/ /meɪl/ /dɒt/ /kɒm/
> Benjamin West