[NCLUG] Spam Help
Chris Funk
chris at us-reports.com
Wed Dec 3 11:26:49 MST 2008
Thanks for all the info.
Here is the result of postconf | grep restrict:
[chris at mail postfix]# postconf | grep restrict
smtpd_client_restrictions =
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions =
smtpd_etrn_restrictions =
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
check_helo_access hash:/etc/postfix/helo_access, reject_invalid_hostname,
reject_non_fqdn_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client list.dsbl.org,
reject_unauth_pipelining,
reject_unauth_destination
smtpd_restriction_classes =
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender,
reject_unknown_sender_domain, permit
So if I set up a header_check with something like:
/^From: *@us-reports\.com$/ REJECT
and add that to my smtpd_recipient_restrictions line after permit_mynetworks, that will still allow all internal mail to bypass the header_check, right?
Thanks
=============================================
Chris Funk
US-Reports, Inc.
chris at us-reports.com
-----Original Message-----
From: nclug-bounces at nclug.org [mailto:nclug-bounces at nclug.org] On Behalf Of Neil Neely
Sent: Wednesday, December 03, 2008 9:10 AM
To: Northern Colorado Linux Users Group
Subject: Re: [NCLUG] Spam Help
I'm assuming the 'reject_non,fqdn_sender' is a typo, but I'm not
immediately seeing any reason for this problem - can you run "postconf
| grep restrict" and send it to the list? It seems possible you've
got another restriction set that's authorizing them to get through
regardless of the sender check. Possibly something where you are
returning "OK" from a check instead of "DUNNO".
Neil Neely
http://neil-neely.blogspot.com
On Dec 3, 2008, at 8:40 AM, Chris Funk wrote:
> Hi All,
>
> I am having a horrible time with spam that has a Mail From address
> of my users, i.e. the email appears to come from their own
> address. In the header the From address is their own, but the
> return-to address is something else, not in our domain. Here is an
> example.
>
> Received: from adsl-84-226-68-102.adslplus.ch
> (adsl-84-226-68-102.adslplus.ch
> [84.226.68.102]) by mail.us-reports.com (Postfix) with SMTP id
> EBF9E16C0F1
> for <chris at us-reports.com>; Wed, 3 Dec 2008 06:16:28 -0700
> (MST)
> To: <chris at us-reports.com>
> Subject: Your Order
> From: <chris at us-reports.com>
> MIME-Version: 1.0
> Importance: High
> Content-Type: text/html
> Message-ID: <20081203131632.EBF9E16C0F1 at mail.us-reports.com>
> Date: Wed, 3 Dec 2008 06:16:28 -0700
> Return-Path: omga at amb.es
>
> Here is my smtpd_sender_restrictions line from main.cf
> Smtpd_sender_restrictions = permit_mynetworks,
> permit_sasl_authenticated, check_sender_access hash:/etc/postfix/
> sender_access, reject_non,fqdn_sender, reject_unknown_sender_domain
>
> My sender_access file is:
> us-reports.com REJECT NO SPAMMING
> My.ip.add.res REJECT NO SPAMMING
>
> When I telnet in and try to do a
> HELO junk.com
> MAIL FROM:chris at us-reports.com
> RCPT TO:chris at us-reports.com
>
> It stops me with "Sender address rejected: NO SPAMMING"
>
> Any idea how the spammers are getting around this? I can send my
> entire main.cf file if that will help.
>
> Thanks
> Chris
>
>
>
> SPECIAL NOTE TO CLIENTS
> If you or your organization are a client of this firm and this
> electronic mail message is directed to you, please do not forward
> this transmission to any other party. Strict confidentiality is
> necessary with respect to our communication in order to maintain
> applicable privileges. Thank you.
>
> CONFIDENTIALITY NOTICE
> This electronic mail and any attachments contain information which
> is the property of the sender and which may be confidential and
> legally privileged. The information in this transmission is intended
> only for the use of the person or entity to whom the electronic mail
> was sent, as indicated above. If you are not the intended recipient,
> any disclosure, copying, distribution, dissemination or action taken
> in reliance on the contents of the information contained in this
> transmission is strictly prohibited.
> _______________________________________________
> NCLUG mailing list NCLUG at nclug.org
>
> To unsubscribe, subscribe, or modify
> your settings, go to:
> http://www.nclug.org/mailman/listinfo/nclug
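Why the check_sender_access rule stops the telnet test but not the quoted spam, as an added example that is not part of the original thread: the access map is matched against the envelope sender (MAIL FROM, which ends up in Return-Path), while the spam carries the local domain only in its From: header. The sample messages, the mynetworks ranges, the host names and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "us-reports.com"  # the domain discussed in the thread
# Assumption: stand-in for mynetworks; 192.0.2.0/24 is a documentation range.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]


def build(client_ip, envelope_from, header_from):
    """Constructed message shaped like the delivered spam quoted in the thread."""
    return (
        f"Return-Path: <{envelope_from}>\n"
        f"Received: from host.example.net (host.example.net [{client_ip}])\n"
        f"\tby mail.us-reports.com (Postfix) with SMTP id EXAMPLE0001\n"
        f"From: <{header_from}>\n"
        f"To: <user@us-reports.com>\n"
        f"Subject: Your Order\n\n"
        f"body\n"
    )


def domain(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def classify(raw):
    """Mimic the order: mynetworks first, then envelope sender, then header From."""
    msg = message_from_string(raw)
    m = re.search(r"\[([0-9a-fA-F:.]+)\]", msg.get("Received", ""))
    if m is None:
        return "unknown: no client address in Received"
    client = ipaddress.ip_address(m.group(1))
    if any(client in net for net in MYNETWORKS):
        return "permit: client in mynetworks"
    if domain(msg.get("Return-Path", "")) == OWN_DOMAIN:
        # What the sender_access map catches (the telnet test in the thread).
        return "reject: envelope sender claims own domain"
    if domain(msg.get("From", "")) == OWN_DOMAIN:
        # What the quoted spam does: foreign envelope sender, local header From.
        return "flag: header From claims own domain, envelope sender does not"
    return "pass"
```

Running `classify` over a mailbox of delivered messages gives a quick count of how much mail falls into the "flag" case before any header-based rejection is enabled.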