kirc05 n00b

Joined: 09 Jan 2007 Posts: 4
Posted: Tue Jan 09, 2007 10:00 am Post subject: Postfix sender domain?
Is it possible to prevent users of my mail server from sending forged mails?
Now it's configured to reject sending mails as non-existing@my.domain.com and giving me this -> Sender address rejected: User unknown in virtual mailbox table
That's fine!
Also, it's rejecting sending mail from fake domain names -> Sender address rejected: Domain not found; from=<blqblq@fakemailaddress.com>
Oh, that's great
BUT
When I'm sending mail as fakeuser@yahoo.com there's no problem sending it
Any ideas ?
Thanks!

steveb Advocate


Joined: 18 Sep 2002 Posts: 4564
Posted: Tue Jan 09, 2007 1:53 pm Post subject: Re: Postfix sender domain?
I am using Sender Address Verification for that (but you need >= Postfix 2.1).
cheers
SteveB

magic919 Advocate

Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
Posted: Tue Jan 09, 2007 5:16 pm Post subject:
Surely they could pretend to be from: validuser@example.com and that would get through.

darkphader Veteran


Joined: 09 May 2002 Posts: 1225 Location: Motown
Posted: Tue Jan 09, 2007 5:52 pm Post subject:
We use check_client_access and check_sender_access as recipient restrictions to require:
1) mail from the outside must not have our domain as an envelope sender
2) mail from the inside must contain an envelope sender in the domain
The method is outlined in "The Book of Postfix".
Chris
_________________
WYSIWYG - What You See Is What You Grep
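
The two rules in the post above can be expressed with a Postfix restriction class. This is an added sketch, not darkphader's configuration and not a quotation from the book; the map file names, the class name `has_our_domain_as_sender`, the network `192.168.1` and the domain `example.com` are assumptions.

```conf
# --- /etc/postfix/main.cf (excerpt; file and class names are assumed) ---
smtpd_restriction_classes = has_our_domain_as_sender

# Applied only to inside clients: permit when the envelope sender is listed
# in our_domain_as_sender, otherwise fall through to "reject" (rule 2).
has_our_domain_as_sender =
    check_sender_access hash:/etc/postfix/our_domain_as_sender
    reject

# Inside clients are handed to the class above by the first lookup.
# All other clients reach the second lookup, which refuses our own
# domain as envelope sender (rule 1).
smtpd_recipient_restrictions =
    check_client_access hash:/etc/postfix/internal_networks
    check_sender_access hash:/etc/postfix/not_our_domain_as_sender
    reject_unauth_destination

# --- /etc/postfix/internal_networks ---
# Constructed example network; list every inside client range here.
192.168.1       has_our_domain_as_sender

# --- /etc/postfix/our_domain_as_sender ---
example.com     OK
# Null sender, so inside hosts can still send bounces and status notices.
<>              OK

# --- /etc/postfix/not_our_domain_as_sender ---
example.com     554 Do not use my domain in your envelope sender

# After editing the three tables, rebuild each with postmap and reload Postfix.
```

These lookups act on the envelope sender only, not on the From: header. A user of the domain who submits mail from an outside address falls under rule 1 and is rejected by this sketch.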
steveb Advocate


Joined: 18 Sep 2002 Posts: 4564
Posted: Tue Jan 09, 2007 6:47 pm Post subject:
magic919 wrote:
> Surely they could pretend to be from: validuser@example.com and that would get through.

They could but there are many ways to kick those out:
- SPF
- Domain Keys
- Scoring systems aka Policyd-Weight
- etc

steveb Advocate


Joined: 18 Sep 2002 Posts: 4564
Posted: Tue Jan 09, 2007 7:01 pm Post subject:
darkphader wrote:
> We use check_client_access and check_sender_access as recipient restrictions to require:
> 1) mail from the outside must not have our domain as an envelope sender
> 2) mail from the inside must contain an envelope sender in the domain
> The method is outlined in "The Book of Postfix".
> Chris

Can as well be read here: http://www.stahl.bau.tu-bs.de/~hildeb/postfix/

magic919 Advocate

Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
Posted: Tue Jan 09, 2007 7:39 pm Post subject:
Steve, I guess my point was I think those techniques are more valid for incoming mail and I thought the OP wanted to block dodgy outgoing. Unless I misread it. Other method looks great and was more what I expected.
Tony

steveb Advocate


Joined: 18 Sep 2002 Posts: 4564
Posted: Tue Jan 09, 2007 8:17 pm Post subject:
magic919 wrote:
> Steve, I guess my point was I think those techniques are more valid for incoming mail and I thought the OP wanted to block dodgy outgoing. Unless I misread it. Other method looks great and was more what I expected.
> Tony

Aha. I see what you mean.
You can find very good stuff in Postfix 2.3.x which combined with Restriction Classes can very easily do what you mentioned. The post from darkphader addresses this issue but it is too strict for my setup (I have a lot of domains on one server and mail coming from external can have an envelope sender for which we are responsible. So I can not block them. But I use other mechanisms to achieve that functionality).
cheers
SteveB

PCnity n00b

Joined: 23 Dec 2005 Posts: 41
Posted: Tue Jan 09, 2007 9:25 pm Post subject: Domain name spoofing
Hello
I would like to ask you if there are some better ways to block domain name spoofing than SPF... ? I get hundreds of bounce mails a day from mailer-daemons around the world that my mail can not be delivered because: it contains SPAM, or recipient does not exist and so on...
BUT my SMTP server isn't sending any of those messages... It is configured that someone with domain "customer1.tld" cannot use "customer2.tld" as sender domain.
All the SPAM "is coming" from my own domain... I hate SPAMers.

steveb Advocate


Joined: 18 Sep 2002 Posts: 4564
Posted: Tue Jan 09, 2007 10:51 pm Post subject: Re: Domain name spoofing
PCnity wrote:
> Hello
> I would like to ask you if there are some better ways to block domain name spoofing than SPF... ? I get hundreds of bounce mails a day from mailer-daemons around the world that my mail can not be delivered because: it contains SPAM, or recipient does not exist and so on...
> BUT my SMTP server isn't sending any of those messages... It is configured that someone with domain "customer1.tld" cannot use "customer2.tld" as sender domain.
> All the SPAM "is coming" from my own domain... I hate SPAMers.

What is bad with SPF?
Anyway.... there are other techniques which have +/- the same scope as SPF but none of them will help you if the recipient server/mta does not check back for validity.
cheers
SteveB

kirc05 n00b

Joined: 09 Jan 2007 Posts: 4
Posted: Wed Jan 24, 2007 1:54 pm Post subject:
Thanks guys!
P.S. Sorry for the late reply