[Dovecot] Emails from invalid local accounts

Noel noeldude at gmail.com
Fri Oct 19 06:50:30 EEST 2012


On 10/18/2012 8:59 PM, Steven Kiehl wrote:
> This is great information on some options I should look into
> further, however adding the "smtpd_reject_unlisted_sender"
> option doesn't seem to eliminate the problem.

[This is OT for the dovecot list, and my last post in this thread. 
Please send all followups to the appropriate postfix, amavisd-new,
or spamassassin list in consideration of other list members.  Thank
you.]

smtpd_reject_unlisted_sender works with the envelope address; this
option has no effect on headers. 

> What these spammers are doing is forging the "from" header to be
> a full address like "accounting at mydomain.com"

Possible, but I doubt it.  The only way you'll ever see the more
likely original "From: accounting" header is by running postfix in
debug mode (which is not recommended) or by using a tcp sniffer in
front of postfix.  That's why I recommend setting
"remote_header_rewrite_domain = domain.invalid".  Also, this setting
requires a non-ancient postfix, but I don't remember which version;
if it shows up in "postconf -n" output, you're OK.

> and they are sending to a real address like
> "webmaster at mydomain.com".  So even
> if the envelope sender is valid or coming from an outside domain,
> the visible originating from address is invalid and is in my own
> domain.  And I'm absolutely positive any mail received from these
> forged from addresses is spam that shouldn't even be delivered.

If there are a few frequently-abused addresses, you can add them to
a header_checks rule.  But don't get too tied up in whack-a-mole
header_checks; that's a great time waster for limited benefit.

> This is also complicated further by the use of virtual domains and
> virtual alias mapping (all sql based) in the Postfix
> configuration.  Some of my problem may be that Postfix might not
> be able to get a comprehensive list of valid mailboxes and aliases
> to deliver to the virtual transport.  I've tried to define the
> virtual mailbox maps, but every time I do that the aliases stop
> working.

If your postfix is not able to properly validate recipients, you
should ask about that on the postfix list.  That is a serious problem.
http://www.postfix.org/DEBUG_README.html#mail

The point you're missing is that there is no way to validate the
From: header.  Look at other features of the unwanted mail for ways
to reject it.



  -- Noel Jones
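
The envelope/header distinction discussed in this message, as an added example that is not part of the original post and is not Postfix code. It is a simplified Python model; the sample message, the outside envelope sender, the list of local users and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the envelope sender (SMTP MAIL FROM) is an outside
# address, while the From: header is a bare local part with no domain.
ENVELOPE_FROM = "bounce@outside.example"
RAW = (
    "From: accounting\n"
    "To: webmaster@mydomain.com\n"
    "Subject: invoice\n"
    "\n"
    "body\n"
)
LOCAL_DOMAIN = "mydomain.com"
LOCAL_USERS = {"webmaster@mydomain.com"}  # assumed list of valid local addresses
# Pattern in the spirit of a header_checks rule for one frequently abused address.
ABUSED = re.compile(r"^accounting@mydomain\.com$", re.IGNORECASE)


def envelope_check(mail_from):
    """Model of an unlisted-sender check: it only ever sees MAIL FROM."""
    domain = mail_from.rpartition("@")[2].lower()
    if domain == LOCAL_DOMAIN and mail_from.lower() not in LOCAL_USERS:
        return "reject"
    return "accept"


def rewritten_from(raw, rewrite_domain):
    """Append rewrite_domain to a From: address that has no domain part."""
    _, addr = parseaddr(message_from_string(raw)["From"])
    return addr if "@" in addr else f"{addr}@{rewrite_domain}"


def header_check(from_addr):
    """Model of a per-address header rule applied to the visible From:."""
    return "reject" if ABUSED.search(from_addr) else "accept"


if __name__ == "__main__":
    # The envelope check passes: MAIL FROM is an outside address.
    print("envelope:", envelope_check(ENVELOPE_FROM))
    # Completing the bare address with the local domain yields the forged-looking
    # header; completing it with domain.invalid makes the origin obvious.
    for dom in (LOCAL_DOMAIN, "domain.invalid"):
        shown = rewritten_from(RAW, dom)
        print(dom, "->", shown, "->", header_check(shown))
```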

