On 10/18/2012 8:59 PM, Steven Kiehl wrote:
> This is great information on some options I should look into further, however adding the "smtpd_reject_unlisted_sender" option doesn't seem to eliminate the problem.
[This is OT for the dovecot list, and my last post in this thread. Please send all followups to the appropriate postfix, amavisd-new, or spamassassin list in consideration of other list members. Thank you.]
smtpd_reject_unlisted_sender works with the envelope address; this option has no effect on headers.
> What these spammers are doing is forging the "from" header to be a full address like "accounting@mydomain.com"
Possible, but I doubt it. The only way you'll ever see the more likely original "From: accounting" header is by running postfix in debug mode (which is not recommended) or by using a tcp sniffer in front of postfix. That's why I recommend setting "remote_header_rewrite_domain = domain.invalid". Also, this setting requires a non-ancient postfix, but I don't remember which version; if it shows up in "postconf -n" output, you're OK.
> and they are sending to a real address like "webmaster@mydomain.com". So even if the envelope sender is valid or coming from an outside domain, the visible originating from address is invalid and is in my own domain. And I'm absolutely positive any mail received from these forged from addresses is spam that shouldn't even be delivered.
If there are a few frequently-abused addresses, you can add them to a header_checks rule. But don't get too tied up in whack-a-mole header_checks; that's a great time waster for limited benefit.
> This is also complicated further by the use of virtual domains and virtual alias mapping (all sql based) in the Postfix configuration. Some of my problem may be that Postfix might not be able to get a comprehensive list of valid mailboxes and aliases to deliver to the virtual transport. I've tried to define the virtual mailbox maps, but every time I do that the aliases stop working.
If your postfix is not able to properly validate recipients, you should ask about that on the postfix list. That is a serious problem. http://www.postfix.org/DEBUG_README.html#mail
The point you're missing is that there is no way to validate the From: header. Look at other features of the unwanted mail for ways to reject it.
-- Noel Jones
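
[Added example, not part of the original message or of anyone's actual configuration: the three settings discussed in this thread, side by side. The file path /etc/postfix/header_checks, the choice of a regexp: table and the reject text are assumptions; accounting@mydomain.com is the placeholder address used in the thread.]

```conf
# ---- /etc/postfix/main.cf (path is an assumption) ----

# Envelope check only: rejects a MAIL FROM address in a local or virtual
# domain when that address does not exist. It never inspects the From:
# header, so a forged header with a valid envelope sender passes.
smtpd_reject_unlisted_sender = yes

# Domain appended to incomplete header addresses (for example
# "From: accounting") in mail from remote clients, so that such headers
# do not end up looking like an address in your own domain.
remote_header_rewrite_domain = domain.invalid

# Header pattern table. Keep it to a few frequently-abused addresses.
header_checks = regexp:/etc/postfix/header_checks

# ---- /etc/postfix/header_checks (path is an assumption) ----

# regexp: tables match case-insensitively by default, and a folded
# multi-line header is matched as one logical line.
# header_checks applies to all mail passing through cleanup, so list
# only addresses that never send legitimate mail.
/^From:.*accounting@mydomain\.com/    REJECT forged From: address
```

A pattern can be tried before reloading Postfix with: postmap -q "From: accounting@mydomain.com" regexp:/etc/postfix/header_checks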