engarde-users July 2002 archive

[EnGarde] Re: Postfix - rejecting spoofed mail from:

From: Jeff Knox <jknox_at_nospam>
Date: Mon Jul 08 2002 - 13:52:05 GMT
To: <engarde-users@engardelinux.org>

Basically, it should be able to block all outside mail claiming it's from the local domain. Postfix should route any mail originating from the inside to the inside, without ever sending it to the outside anywhere, so it would know then that any mail coming from another mail server claiming to be from a domain it handles is spam; it should be fairly trivial. I believe that's what this guy wants, and actually I would like it too; I get a huge amount of spam coming from fakenames@mydomains.com. In fact, my customers even call me on occasion thinking there is a hacker or something on my system because of mail coming to them from their user names.

Jeff
fliphead.com

On Mon, 8 Jul 2002, Pete O'Hara wrote:

>
> "John W. Cahill Jr." wrote:
> >
> > On Fri, 2002-07-05 at 12:55, Marcus Redivo wrote:
> > >
> > > John W. Cahill Jr. said:
> > > >
> > > > My Postfix is NOT an open relay and has been tested
> > > > successfully. However it is possible for someone
> > > > to send email from a spoofed address to me. I have
> > > > seen all the options to reject inbound messages,
> > > > however I have not found one that will work with
> > > > all those mis-configured email servers sending
> > > > me email. I need to allow them, but I don't
> > > > need to see my domain in the mail from: header
> > > > line.
> > >
> > > I'm not sure I understand exactly what you are getting at.
> > >
> > > Could you show the headers from an example piece of mail, and indicate
> > > what is wrong with it? Is it an honest misconfiguration, or deliberate
> > > deception? Also, what should have happened?
> > > A friend of mine sends mail to his own virtual domain (hosted on my
> > > machine) from another machine where the username is not qualified in the
> > > From: field. My Postfix tags on its own domain, so "From: <bob>" becomes
> > > "From: <bob@binarytool.com>", which is of course not true. In fact, there
> > > is no such user, local or virtual. The solution would be for the original
> > > sender to be fully qualified, ie "From: <bob@foo.com>" Is this what you
> > > are talking about?
> > > Cheers,
> > > Marcus Redivo
> > >
> >
> > These messages are UCE or SPAM, whichever you prefer to call them. The
> > SPAMMER is sending the email with the from and to as the same
> > name, i.e. user@mydomain.com. I can manually connect and do this myself
> > from the outside, this is not something I want to happen, and
> > unfortunately I thought, Postfix having to be more secure by default,
> > would not allow the same domain in the mail from: line as the rcpt to:
> > line. I realize it would see this if it were relaying outbound email,
> > which it will do in the future, however it does know the networks
> > that are allowed to do that. I am probably making this more confusing
> > than it should be.
> >
> > What I want is this, basically.
> >
> > mail from: accept anything that is not from my domain
> > <check point to verify??>
>
> This would break sending mail from yourself to others in your domain,
> administrative scripts sending reports to admins, sending mail to
> yourself.
>
> Pete
>
> >
> > rcpt to: accept anything for the domain I am relaying for
> > <check point - RBLs, unknowns>
> >
> > Confused? Me too...
> >
> > John
> >
> > >
> > >
> > > ------------------------------------------------------------------------
> > > To unsubscribe email engarde-users-request@engardelinux.org
> > > with "unsubscribe" in the subject of the message.
> > >
> > --
> > <<<<<<<<<<<<<<<<<<<<->>>>>>>>>>>>>>>>>>>>
> > < John W. Cahill Jr. >
> > < jwcahill AT gonetinnovations DOT com >
> > < >
> > <I'm a fool for Jesus, who's fool are u?>
> > < <>< ><> >
> > <<<<<<<<<<<<<<<<<<<<->>>>>>>>>>>>>>>>>>>>
> >
>
>


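The check discussed in this thread, modelled as an added example (not part of any post and not Postfix's own code): the client address is tested against the trusted networks before the envelope sender's domain is looked at, so the inside-to-inside mail Pete mentions keeps working. The domain, networks and function names are constructed for illustration.

```python
import ipaddress

# Constructed values for illustration; not taken from the thread.
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("127.0.0.0/8", "192.0.2.0/24")]


def sender_domain(mail_from):
    """Return the lower-cased domain of an envelope sender, or None for the
    null sender (<>) and for unqualified addresses."""
    addr = mail_from.strip().strip("<>").strip()
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def is_trusted_client(client_ip):
    """True if the connecting client is inside one of the trusted networks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_NETWORKS)


def check_mail_from(client_ip, mail_from):
    """Decide on the MAIL FROM command; returns (action, reason)."""
    # 1. Trusted clients first: inside hosts, admin scripts, mail to yourself.
    if is_trusted_client(client_ip):
        return ("permit", "client in trusted network")
    # 2. Outside client claiming a domain handled here: spoofed sender.
    if sender_domain(mail_from) in LOCAL_DOMAINS:
        return ("reject", "local sender domain from outside client")
    # 3. Everything else continues to the recipient checks (relay, RBLs).
    return ("permit", "external sender")


if __name__ == "__main__":
    # Constructed sample sessions: (client address, envelope sender).
    samples = [
        ("192.0.2.10", "<admin@example.com>"),   # inside host, local sender
        ("203.0.113.5", "<user@example.com>"),   # outside host, spoofed
        ("203.0.113.5", "<User@EXAMPLE.COM.>"),  # same, different spelling
        ("203.0.113.5", "<bob@foo.example>"),    # ordinary outside mail
        ("203.0.113.5", "<>"),                   # bounce with null sender
    ]
    for client, sender in samples:
        print(client, sender, *check_mail_from(client, sender))
```

A local user who sends with their own address through an outside server is rejected by this rule unless that server's address is added to the trusted networks.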