This is great information on some options I should look into further; however, adding the "smtpd_reject_unlisted_sender" option doesn't seem to eliminate the problem. What these spammers are doing is forging the "from" header to be a full address like "accounting@mydomain.com" and they are sending to a real address like "webmaster@mydomain.com". So even if the envelope sender is valid or coming from an outside domain, the visible originating from address is invalid and is in my own domain. And I'm absolutely positive any mail received from these forged from addresses is spam that shouldn't even be delivered.
This is also complicated further by the use of virtual domains and virtual alias mapping (all SQL-based) in the Postfix configuration. Some of my problem may be that Postfix might not be able to get a comprehensive list of valid mailboxes and aliases to deliver to the virtual transport. I've tried to define the virtual mailbox maps, but every time I do that the aliases stop working.
On Thu, Oct 18, 2012 at 5:00 PM, Noel <noeldude@gmail.com> wrote:
On 10/18/2012 3:32 PM, Steven Kiehl wrote:
Hi,
I'm using dovecot 1.2.9 in a postfix/dovecot setup and I'm having issues with receiving spam where the "from" header contains an address like accounting@mydomain.com. Is there some way I can filter out these emails coming from outside our network with an account associated with our network which doesn't exist? Do I just need to configure some custom process to evaluate these addresses, or is there some way either in dovecot or spamassassin to do this?
Thanks,
Steve K
This should be dealt with in postfix or SpamAssassin, not dovecot, and there are likely other, better ways to detect this particular spam rather than mucking with the From: header.
Sometimes mail arrives with a header something like From: accounting and postfix appends @$myorigin to the unqualified address while passing the mail through your content_filter.
The fix for that is to set in your postfix main.cf

    remote_header_rewrite_domain = domain.invalid

so that unqualified addresses will be rewritten with a known domain. Don't be tempted to reject such mail outright since you'll reject a significant amount of non-spam mail.
Another thing to consider setting in postfix main.cf is:

    smtpd_reject_unlisted_sender = yes

which will reject invalid envelope senders in your domain. (Note the difference between envelope sender and the From: header.)
-- Noel Jones
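
An added example, not part of the thread and not written by either poster: a small Python check that classifies the envelope sender and the From: header separately, showing why an envelope-only test such as smtpd_reject_unlisted_sender does not see the forged header described above. It assumes the message arrived from an outside client; the names `VALID_LOCAL`, `classify`, `inspect` and `is_forged_local_from` and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAIN = "mydomain.com"  # placeholder domain used in the thread
# Constructed sample; in the setup described this would come from the SQL
# virtual mailbox and alias maps.
VALID_LOCAL = {"webmaster@mydomain.com", "steve@mydomain.com"}


def classify(addr):
    """Classify a single address relative to the local domain."""
    addr = addr.strip().lower()
    if "@" not in addr:
        return "unqualified"      # e.g. "From: accounting"
    if addr.rsplit("@", 1)[1] != LOCAL_DOMAIN:
        return "external"
    return "local-valid" if addr in VALID_LOCAL else "local-unlisted"


def inspect(envelope_sender, raw_message):
    """Return (envelope verdict, list of From: header verdicts)."""
    msg = message_from_string(raw_message)
    header_addrs = [a for _, a in getaddresses(msg.get_all("From", []))]
    return classify(envelope_sender), [classify(a) for a in header_addrs]


def is_forged_local_from(envelope_sender, raw_message):
    """True when mail from outside carries a nonexistent local From: address.

    Unqualified headers are not flagged, matching the advice not to reject them.
    """
    _, header = inspect(envelope_sender, raw_message)
    return "local-unlisted" in header


# Constructed sample messages (not real mail).
SPAM = (
    'From: "Accounting" <accounting@mydomain.com>\n'
    "To: webmaster@mydomain.com\n"
    "Subject: Invoice\n\nSee attachment.\n"
)
UNQUALIFIED = "From: accounting\nTo: webmaster@mydomain.com\n\nhello\n"

if __name__ == "__main__":
    print(inspect("bounce@sender.example", SPAM))
    print(inspect("bounce@sender.example", UNQUALIFIED))
```

For the first sample the envelope sender classifies as external while the header classifies as an unlisted local address, which is the gap between the two checks that the thread is discussing.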