[Dovecot] Emails from invalid local accounts
Noel
noeldude at gmail.com
Fri Oct 19 06:50:30 EEST 2012
On 10/18/2012 8:59 PM, Steven Kiehl wrote:
> This is great information on some options I should look into
> further, however adding the "smtpd_reject_unlisted_sender"
> option doesn't seem to eliminate the problem.
[This is OT for the dovecot list, and my last post in this thread.
Please send all followups to the appropriate postfix, amavisd-new,
or spamassassin list in consideration of other list members. Thank
you.]
smtpd_reject_unlisted_sender works with the envelope address; this
option has no effect on headers.
> What these spammers are doing is forging the "from" header to be
> a full address like "accounting at mydomain.com
> <mailto:accounting at mydomain.com>"
Possible, but I doubt it. The only way you'll ever see the more
likely original "From: accounting" header is by running postfix in
debug mode (which is not recommended) or by using a tcp sniffer in
front of postfix. That's why I recommend setting
"remote_header_rewrite_domain = domain.invalid". Also, this setting
requires a non-ancient postfix, but I don't remember which version;
if it shows up in "postconf -n" output, you're OK.
> and they are sending to a real address like
> "webmaster at mydomain.com <mailto:webmaster at mydomain.com>". So even
> if the envelope sender is valid or coming from an outside domain,
> the visible originating from address is invalid and is in my own
> domain. And I'm absolutely positive any mail received from these
> forged from addresses are spam that shouldn't even be delivered.
If there are a few frequently-abused addresses, you can add them to
a header_checks rule. But don't get too tied up in wack-a-mole
header_checks; that's a great time waster for limited benefit.
> This is also complicated further by the use of virtual domains and
> virtual alias mapping (all sql based) in the Postfix
> configuration. Some of my problem may be that Postfix might not
> be able to get a comprehensive list of valid mailboxes and aliases
> to deliver to the virtual transport. I've tried to define the
> virtual mailbox maps, but every time I do that the aliases stop
> working.
If your postfix is not able to properly validate recipients, you
should ask about that on the postfix list. That is a serious problem.
http://www.postfix.org/DEBUG_README.html#mail
The point you're missing is that there is no way to validate the
From: header. Look at other features of the unwanted mail for ways
to reject it.
-- Noel Jones
More information about the dovecot
mailing list