[NCLUG] Spam Help

Stephen Warren swarren at wwwdotorg.org
Wed Dec 3 09:56:45 MST 2008


On Wed, December 3, 2008 8:40 am, Chris Funk wrote:
> Hi All,
>
> I am having a horrible time with spam that has a Mail From address of my
> users.  i.e.  the email appears to come from their own address.  In the
> header the From address is their own, but the return to address is
> something else, not in our domain.

I think you've just described exactly why this is happening.

Postfix is validating the envelope sender during the SMTP transaction, and
you already stated that the spammers aren't using envelope senders in your
domain, hence why postfix is not rejecting the emails.

The From address that a mail client displays is typically derived from the
"From:" header within the email. AFAIK, postfix doesn't validate this
(since it's part of the message body).

However, you could certainly set up some kind of filtering rule (using
postfix's header check feature), or send the content through an external
filtering process to do this (using smtpd_proxy_filter).

>  Here is an example.
>
> Received: from adsl-84-226-68-102.adslplus.ch
> (adsl-84-226-68-102.adslplus.ch
>  [84.226.68.102])       by mail.us-reports.com (Postfix) with SMTP id
> EBF9E16C0F1
>         for <chris at us-reports.com>; Wed,  3 Dec 2008 06:16:28 -0700 (MST)
> To: <chris at us-reports.com>
> Subject: Your Order
> From: <chris at us-reports.com>
> MIME-Version: 1.0
> Importance: High
> Content-Type: text/html
> Message-ID: <20081203131632.EBF9E16C0F1 at mail.us-reports.com>
> Date: Wed, 3 Dec 2008 06:16:28 -0700
> Return-Path: omga at amb.es
>
> Here is my smtpd_sender_restrictions line from main.cf
> smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,
> check_sender_access hash:/etc/postfix/sender_access,
> reject_non_fqdn_sender, reject_unknown_sender_domain
>
> My sender_access file is:
> us-reports.com  REJECT  NO SPAMMING
> My.ip.add.res   REJECT  NO SPAMMING
>
> When I telnet in and try to do a
> HELO junk.com
> MAIL FROM:chris at us-reports.com
> RCPT TO:chris at us-reports.com
>
> It stops me with "Sender address rejected: NO SPAMMING"
>
> Any idea how the spammers are getting around this?  I can send my entire
> main.cf file if that will help.
>
> Thanks
> Chris
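Added example, not part of the original thread and not Postfix code: the check an external filter could apply to compare the "From:" header with the envelope sender, as discussed in the reply above. It assumes the filter is handed the envelope sender and knows whether the client was trusted; `example.com`, `classify` and the sample message are hypothetical placeholders.

```python
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAINS = {"example.com"}  # assumption: placeholder for the site's own domain


def domain_of(address):
    """Lower-cased domain part of an address, or '' for <> or a bare name."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def classify(raw_message, envelope_sender, trusted_client=False):
    """Return 'suspect' when an untrusted client sends mail whose From: header
    claims a local domain while the envelope sender is outside it."""
    if trusted_client:  # mirrors permit_mynetworks / permit_sasl_authenticated
        return "ok"
    msg = message_from_string(raw_message)
    # get_all() covers messages that carry more than one From: header.
    header_addrs = getaddresses(msg.get_all("From", []))
    claims_local = any(domain_of(a) in LOCAL_DOMAINS for _, a in header_addrs)
    envelope_local = domain_of(envelope_sender.strip("<>")) in LOCAL_DOMAINS
    return "suspect" if claims_local and not envelope_local else "ok"


# Constructed sample modelled on the quoted headers (addresses are placeholders).
SAMPLE = (
    "To: <chris@example.com>\n"
    "Subject: Your Order\n"
    "From: <chris@example.com>\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html\n"
    "\n"
    "<html>...</html>\n"
)

if __name__ == "__main__":
    # Untrusted client, envelope sender outside the local domain.
    print(classify(SAMPLE, "omga@sender.invalid"))
    # Same message submitted by an authenticated local user.
    print(classify(SAMPLE, "chris@example.com", trusted_client=True))
```

Mailing-list copies of a local user's own post match the same pattern (local "From:" header, list envelope sender), so the result is better used for scoring or quarantine than for outright rejection.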