Hi,
We are getting spam frequently with emails which appear to be coming from our domain.
Based on that it gets pushed through.
Is there a spamassassin rule (extension) I could add to stop that by verifying if the user exists in our ldap?
Another option would be to stop all email which are coming from the outside with our domain ( which I think would work as well ).
Any opinions would be appreciated.
-
Accepted Answer
I'm sorry but you've got me on that one. I don't get the same backscatter at all - unless there is a big storm waiting to get me as soon as some timeout period elapses. Reading the notes in the /etc/postfix/access file, you could perhaps try changing the action to DISCARD.
Alternatively have a look at /etc/postfix/header_checks to try to kill off the bounces.
It does make me wonder if you have been used as an open relay of some sort, or if you have turned on SMTP Authentication and someone has guessed your passwords.
Accepted Answer
Hi Nick,
Thanks, I have tried that and it seems to work.
The side effect of this is a delivery of an undeliverable email message.
So for example if spammers use my email or a valid email address as from that address will get following email:
"This is the mail system at host mail.sendingdomain.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system"
Any easy ways of dealing with it?
Accepted Answer
Nick Howitt wrote:
I've done some hunting round and I found this and I'm giving it a go.
I've added:
howitts.co.uk REJECT
to /etc/postfix/access then run "postmap /etc/postfix/access". In main.cf my smtpd_sender_restrictions now reads:
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/access,
reject_non_fqdn_sender,
reject_invalid_hostname
I've reloaded postfix and let's see what happens!
2 weeks ago I had 85 attempts like this. 36 of these would have been rejected because of
smtpd_client_restrictions = reject_unknown_reverse_client_hostname
but I've disabled this check for the moment. Every one of them would have been blocked by spamhaus filtering in main.cf but this is much "cheaper" and faster in computing terms as you don't have to refer to an external DNS lookup.
[edit]
Just in case anyone is wondering, I also access my server from outside the LAN but only via port 587. ClearOS is already set up to allow access by port 465 - it just needs the firewall opening. The port 587 set up is also quite easy. This check only affects port 25 and can probably be moved up above "permit_sasl_authenticated" if you never want to relay from external via port 25. My own personal recommendation is to never allow relaying via port 25 to keep clear of the password cracking bots and script kiddies.
[/edit]
This is brilliant!
Accepted Answer
I've done some hunting round and I found this and I'm giving it a go.
I've added:
howitts.co.uk REJECT
to /etc/postfix/access then run "postmap /etc/postfix/access". In main.cf my smtpd_sender_restrictions now reads:
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/access,
reject_non_fqdn_sender,
reject_invalid_hostname
I've reloaded postfix and let's see what happens!
-
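As an added illustration of the main.cf snippet in Nick's post above and the reply that quotes it (this is not code from the thread or from Postfix itself): a small Python model of how Postfix walks smtpd_sender_restrictions top to bottom on port 25, which is why moving check_sender_access above permit_sasl_authenticated changes the outcome for an authenticated sender. The networks, client addresses and sample sessions are constructed; only the access-map entry and the restriction names are taken from the thread.

```python
# Added example, not from the thread or from Postfix: a model of how Postfix
# evaluates smtpd_sender_restrictions left to right. The first restriction that
# returns OK or REJECT decides; later ones are never consulted. MYNETWORKS and
# the sessions are constructed; "howitts.co.uk REJECT" is the thread's map entry.
import ipaddress
from dataclasses import dataclass

MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.168.1.0/24")]
SENDER_ACCESS = {"howitts.co.uk": "REJECT"}  # what "postmap /etc/postfix/access" builds

@dataclass
class Session:
    client_ip: str            # connecting client address
    sasl_authenticated: bool  # did the client log in with SMTP AUTH?
    sender: str               # MAIL FROM address

def check_sender_access(s):
    # Postfix tries user@domain, then the domain, then each parent domain
    domain = s.sender.rpartition("@")[2]
    keys = [s.sender] + [domain[i:] for i in range(len(domain)) if i == 0 or domain[i - 1] == "."]
    for key in keys:
        if key in SENDER_ACCESS:
            return SENDER_ACCESS[key]
    return None  # DUNNO: fall through to the next restriction

RESTRICTIONS = {
    "permit_mynetworks": lambda s: "OK" if any(ipaddress.ip_address(s.client_ip) in n for n in MYNETWORKS) else None,
    "permit_sasl_authenticated": lambda s: "OK" if s.sasl_authenticated else None,
    "check_sender_access": check_sender_access,
    "reject_non_fqdn_sender": lambda s: "REJECT" if "." not in s.sender.rpartition("@")[2] else None,
}

# The order from the thread, and the stricter order with the access check moved up
THREAD_ORDER = ["permit_mynetworks", "permit_sasl_authenticated", "check_sender_access", "reject_non_fqdn_sender"]
STRICT_ORDER = ["permit_mynetworks", "check_sender_access", "permit_sasl_authenticated", "reject_non_fqdn_sender"]

def evaluate(order, session):
    """Return the first OK/REJECT produced, or DUNNO if every restriction passes it on."""
    for name in order:
        result = RESTRICTIONS[name](session)
        if result is not None:
            return result
    return "DUNNO"

if __name__ == "__main__":
    spoofed = Session("203.0.113.5", False, "nick@howitts.co.uk")  # outsider forging our domain
    roaming = Session("203.0.113.5", True, "nick@howitts.co.uk")   # our own user, authenticated, on port 25
    print(evaluate(THREAD_ORDER, spoofed), evaluate(THREAD_ORDER, roaming), evaluate(STRICT_ORDER, roaming))
```

With the thread's order the forged sender is rejected but an authenticated user is still permitted; with the access check first, even the authenticated user is rejected on port 25, which is the trade-off Nick describes when he says this check can be moved above "permit_sasl_authenticated".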
Accepted Answer
If you search the forum for something like main.cf you'll find how I have hardened my postfix although it is quite aggressive.
As another idea for you, you could set up an spf record with a "fail" action. I have not had the courage to do this and only use a softfail. You also have to be careful if you relay your mail out via an ISP's (or e-mail host's) mail server that you include their smtp servers as permitted senders. My spf record reads:
v=spf1 mx a:howitts.co.uk include:virginmedia.com ~all
You can see that I relay out via virginmedia.com so I have to include their spf record. I then have to trust they get it right ... hence the softfail.
I am assuming that an spf fail will get picked up by spamassassin so will help with spam detection.
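To show what a receiving server's SPF check actually produces for the record quoted above, here is an added Python example (not from the thread, and not the code of any real SPF library): a deliberately small evaluator covering the mx, a, ip4, include and all mechanisms, run against a constructed in-memory DNS table. Only the howitts.co.uk record text is from the thread; the IP addresses, the MX hostname and the virginmedia.com record are made up for the example.

```python
# Added example, not from the thread: a subset-of-RFC-7208 SPF evaluator run
# against a constructed DNS table so the record above can be checked offline.
# Only the howitts.co.uk TXT record comes from the thread; everything else in
# FAKE_DNS is invented for the example.
import ipaddress

FAKE_DNS = {
    "howitts.co.uk": {"TXT": "v=spf1 mx a:howitts.co.uk include:virginmedia.com ~all",
                      "MX": ["mail.howitts.co.uk"], "A": ["198.51.100.10"]},
    "mail.howitts.co.uk": {"A": ["198.51.100.10"]},
    "virginmedia.com": {"TXT": "v=spf1 ip4:203.0.113.0/24 -all"},  # constructed, not the real record
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def a_records(name):
    return FAKE_DNS.get(name, {}).get("A", [])

def check_host(ip, domain):
    """Result of `domain`'s SPF policy for a message arriving from address `ip`."""
    record = FAKE_DNS.get(domain, {}).get("TXT")
    if not record or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg)
        elif mech == "a":            # A record(s) of arg, or of the domain itself
            matched = ip in a_records(arg or domain)
        elif mech == "mx":           # A record(s) of each MX host
            mxs = FAKE_DNS.get(arg or domain, {}).get("MX", [])
            matched = any(ip in a_records(mx) for mx in mxs)
        elif mech == "include":      # include matches only if the other policy passes
            matched = check_host(ip, arg) == "pass"
        else:
            return "permerror"
        if matched:
            return QUALIFIERS[qual]
    return "neutral"  # record ended without an "all" term

if __name__ == "__main__":
    for ip in ("198.51.100.10", "203.0.113.77", "192.0.2.1"):
        print(ip, check_host(ip, "howitts.co.uk"))
```

The third address (a forged sender from an unrelated network) only reaches "softfail" because of "~all"; the same record with "-all" would return "fail", which is the difference Nick is weighing when he mentions not having the courage to use a fail action.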
Accepted Answer
You'll need to google "postfix header_checks" for your gateway (if it relays to your internal server and not port forwards), but it sounds promising if you use a different mail-server for local e-mails.
There are a few other things I do, but the main one I do is absolutely trust spamhaus and add "reject_rbl_client zen.spamhaus.org" to smtpd_recipient_restrictions in /etc/postfix/main.cf.
Accepted Answer
I'd thought about that one before. You can block mail coming from and going to your domain but sadly it blocks all internal e-mails - this would be done with postfix and not spamassassin.
The pure ClearOS thing you can do is to activate greylisting. This cuts out a lot of rubbish. If you do, it may be an idea to update /etc/postfix/postgrey_whitelist_clients from the sources at https://github.com/schweikert/postgrey. If you use eBay, also add their servers to /etc/postfix/postgrey_whitelist_clients.local
I'd also post on the spamassassin mailing list.
In postfix you may be able to run a filter on mail with a from of your domain coming from outside your domain, but you'd probably need to post on the postfix list.