engarde-users July 2002 archive

[EnGarde] Re: Postfix - rejecting spoofed mail from:

From: Pete O'Hara <pete_at_nospam>
Date: Mon Jul 08 2002 - 13:26:32 GMT
To: engarde-users@engardelinux.org

"John W. Cahill Jr." wrote:
>
> On Fri, 2002-07-05 at 12:55, Marcus Redivo wrote:
> >
> > John W. Cahill Jr. said:
> > >
> > > My Postfix is NOT an open relay and has been tested
> > > successfully. However it is possible for someone
> > > to send email from a spoofed address to me. I have
> > > seen all the options to reject inbound messages,
> > > however I have not found one that will work with
> > > all those mis-configured email servers sending
> > > me email. I need to allow them, but I don't
> > > need to see my domain in the mail from: header
> > > line.
> >
> > I'm not sure I understand exactly what you are getting at.
> >
> > Could you show the headers from an example piece of mail, and indicate
> > what is wrong with it? Is it an honest misconfiguration, or deliberate
> > deception? Also, what should have happened?
> > A friend of mine sends mail to his own virtual domain (hosted on my
> > machine) from another machine where the username is not qualified in the
> > > From: field. My Postfix tags on its own domain, so "From: <bob>" becomes
> > > "From: <bob@binarytool.com>", which is of course not true. In fact, there
> > is no such user, local or virtual. The solution would be for the original
> > sender to be fully qualified, ie "From: <bob@foo.com>" Is this what you
> > are talking about?
> > Cheers,
> > Marcus Redivo
> >
>
> These messages are UCE or SPAM, whichever you prefer to call them. The
> SPAMMER is sending the email with the from and to as the same
> name, i.e. user@mydomain.com. I can manually connect and do this myself
> from the outside, this is not something I want to happen, and
> unfortunately I thought, Postfix having to be more secure by default,
> would not allow the same domain in the mail from: line as the rcpt to:
> line. I realize it would see this if it were relaying outbound email,
> which it will do in the future, however it does know the networks
> that are allowed to do that. I am probably making this more confusing
> than it should be.
>
> What I want is this, basically.
>
> mail from: accept anything that is not from my domain
> <check point to verify??>

This would break sending mail from yourself to others in your domain, administrative scripts sending reports to admins, sending mail to yourself.

Pete

>
> rcpt to: accept anything for the domain I am relaying for
> <check point - RBLs, unknowns>
>
> Confused? Me too...
>
> John
>
> >
> >
> > ------------------------------------------------------------------------
> > To unsubscribe email engarde-users-request@engardelinux.org
> > with "unsubscribe" in the subject of the message.
> >
> --
> <<<<<<<<<<<<<<<<<<<<->>>>>>>>>>>>>>>>>>>>
> < John W. Cahill Jr. >
> < jwcahill AT gonetinnovations DOT com >
> < >
> <I'm a fool for Jesus, who's fool are u?>
> < <>< ><> >
> <<<<<<<<<<<<<<<<<<<<->>>>>>>>>>>>>>>>>>>>
>
--
Pete O'Hara
Systems Engineer
Guardian Digital, Inc.
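
One way to express the rule John asks for without the breakage Pete points out, as an added example that is not part of the original thread: accept clients on trusted networks first, and only then reject the local domain as envelope sender. The domain `example.com`, the network `192.0.2.0/24` and the map file name `own_domain_senders` are placeholders assumed for illustration.

```conf
# /etc/postfix/main.cf
# (added example; example.com, 192.0.2.0/24 and the map path are placeholders)

# Networks whose clients may legitimately send as your domain over SMTP.
mynetworks = 127.0.0.0/8, 192.0.2.0/24

# Naive form of the rule: the map is consulted for every SMTP client,
# so internal hosts sending as the local domain are rejected as well.
#smtpd_sender_restrictions =
#    check_sender_access hash:/etc/postfix/own_domain_senders

# Ordered form: restrictions are evaluated left to right and the first
# match decides, so clients in $mynetworks are accepted before the
# sender map is looked at. Everyone else is checked against the map.
smtpd_sender_restrictions =
    permit_mynetworks,
    check_sender_access hash:/etc/postfix/own_domain_senders

# /etc/postfix/own_domain_senders
# Build the lookup table with: postmap /etc/postfix/own_domain_senders
# The key is the domain part of the envelope sender (MAIL FROM),
# the right-hand side is the action to take.
example.com    REJECT
```

Mail handed to Postfix through the local sendmail command does not pass through smtpd, so these restrictions do not apply to it. Mail from your own users that comes back through an outside forwarder or mailing list which keeps the original envelope sender will be rejected by this rule.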