[Dovecot] Emails from invalid local accounts

Steven Kiehl nanovox at gmail.com
Fri Oct 19 04:59:40 EEST 2012 

This is great information on some options I should look into further,
however adding the "smtpd_reject_unlisted_sender" option doesn't seem to
eliminate the problem.  What these spammers are doing is forging the "from"
header to be a full address like "accounting at mydomain.com" and they are
sending to a real address like "webmaster at mydomain.com".  So even if the
envelope sender is valid or coming from an outside domain, the visible
originating from address is invalid and is in my own domain.  And I'm
absolutely positive any mail received from these forged from addresses are
spam that shouldn't even be delivered.

This is also complicated further by the use of virtual domains and virtual
alias mapping (all sql based) in the Postfix configuration.  Some of my
problem may be that Postfix might not be able to get a comprehensive list
of valid mailboxes and aliases to deliver to the virtual transport.  I've
tried to define the virtual mailbox maps, but every time I do that the
aliases stop working.

On Thu, Oct 18, 2012 at 5:00 PM, Noel <noeldude at gmail.com> wrote:

> On 10/18/2012 3:32 PM, Steven Kiehl wrote:
> > Hi,
> >
> > I'm using dovecot 1.2.9 in a postfix/dovecot setup and I'm having issues
> > with receiving spam where the "from" header contains an address like
> > accounting at mydomain.com.  Is there some way I can filter out these
> emails
> > coming from outside our network with an account associated with our
> network
> > which doesn't exist?  Do I just need to configure some custom process to
> > evaluate these addresses, or is there some way either in dovecot or
> > spamassassin to do this?
> >
> > Thanks,
> >
> > Steve K
> >
>
> This should be dealt with in postfix or SpamAssassin, not dovecot,
> and there are likely other, better ways to detect this particular
> spam rather than mucking with the From: header.
>
> Sometimes mail arrives with a header something like
>   From: accounting
> and postfix appends @$myorigin to the unqualified address while
> passing the mail through your content_filter.
>
> The fix for that is to set in your postfix main.cf
>   remote_header_rewrite_domain = domain.invalid
> so that unqualified addresses will be rewritten with a known
> domain.  Don't be tempted to reject such mail outright since you'll
> reject a significant amount of non-spam mail.
>
> Another thing to consider setting in postfix main.cf is:
>   smtpd_reject_unlisted_sender = yes
> which will reject invalid envelope senders in your domain.  (Note
> the difference between envelope sender and the From: header.)
>
>
>
>   -- Noel Jones
>

More information about the dovecot mailing list