How to configure postfix to reject mails having invalid return path
Hello Friends
I am having spam mails in my inbox and SpamAssassin can't do anything about it because the mails are coming from my own mail id but the return path and message-id are different.
So how can I tell postfix to drop the mail not having the from id and return path the same?
Received: by mail.sarai.net (Postfix, from userid 1006) id 4DC952C48011; Wed, 9 Jul 2008 13:08:14 +0530 (IST)
Received: from kassa-1 (unknown [195.177.116.170]) by mail.sarai.net (Postfix) with SMTP id F10C02C48003 for <jeebesh@sarai.net>; Wed, 9 Jul 2008 13:08:09 +0530 (IST)
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mail.sarai.net
There are header or body check rules you can apply, but these can easily reject mail inadvertently, so you have to use them very carefully.
What is curious is why that mail scores a -63! Are you doing some sort of white-listing and reducing the score? Surely no amount of spam scoring will be effective with scoring like this.
Show the output of postconf -n if you would like some advice about your smtpd_*_restrictions that may help reduce your spam.
Received: by mail.sarai.net (Postfix, from userid 1006) id DFE862C48004; Fri, 11 Jul 2008 18:47:56 +0530 (IST)
Received: from kevin-bmvhpyeu8 (unknown [213.207.221.250]) by mail.sarai.net (Postfix) with SMTP id 0A8B4109402C for <jeebesh@sarai.net>; Fri, 11 Jul 2008 18:47:48 +0530 (IST)
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mail.sarai.net
X-Spam-Status: No, score=-69.6 required=4.7 tests=DIGEST_MULTIPLE,HTML_MESSAGE, MIME_HTML_ONLY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100, RAZOR2_CHECK,RCVD_IN_PBL,RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL, URIBL_OB_SURBL,URIBL_SBL,USER_IN_WHITELIST autolearn=no version=3.2.4
See my post here regarding some notes on various smtpd_*_restrictions.
We still have not accounted for that large negative (-69.6) score. We can only help if you answer questions asked to gain more insight into your setup. If you don't respond, help will be... less helpful.
Unless you've modified the standard SpamAssassin tests, this score must be coming from your USER_IN_WHITELIST. There is little point to using SpamAssassin if you are going to whitelist based on a header field that is easily forged (which it is in this case). This message most likely would have scored above your spam threshold had you not whitelisted the (forged) user.
Do you know how to run a mail message through spamassassin manually? You should remove your whitelisting from local.cf, and re-run the message to see how it scores.
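The masking effect described in the post above can be measured from the X-Spam-Status header alone. This is an added example, not part of the original thread: it assumes the stock SpamAssassin weight of -100 for USER_IN_WHITELIST, and the function and constant names are illustrative.

```python
import re

# Assumption: stock weight of USER_IN_WHITELIST; change it if local.cf rescored the rule.
WHITELIST_WEIGHTS = {"USER_IN_WHITELIST": -100.0}
BLOCKLIST_PREFIXES = ("RCVD_IN_", "URIBL_")

STATUS_RE = re.compile(
    r"score=(?P<score>-?\d+(?:\.\d+)?)\s+required=(?P<required>-?\d+(?:\.\d+)?)"
    r"\s+tests=(?P<tests>.*?)\s+autolearn=", re.S)

def parse_status(value):
    """Return (score, required, [rule names]) from an X-Spam-Status value."""
    m = STATUS_RE.search(value)
    if m is None:
        raise ValueError("not an X-Spam-Status value")
    # Folded headers put whitespace after some commas, so split on both.
    tests = [t for t in re.split(r"[,\s]+", m["tests"]) if t]
    return float(m["score"]), float(m["required"]), tests

def whitelist_audit(value):
    """Show what the message would have scored without its whitelist credit."""
    score, required, tests = parse_status(value)
    credit = sum(WHITELIST_WEIGHTS.get(t, 0.0) for t in tests)
    unmasked = round(score - credit, 1)
    return {
        "score": score,
        "without_whitelist": unmasked,
        # True when only the whitelist kept the message under the threshold.
        "masked": score < required <= unmasked,
        "blocklist_hits": [t for t in tests if t.startswith(BLOCKLIST_PREFIXES)],
    }

# Header value quoted in the thread above.
THREAD_STATUS = (
    "No, score=-69.6 required=4.7 tests=DIGEST_MULTIPLE,HTML_MESSAGE, "
    "MIME_HTML_ONLY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100, "
    "RAZOR2_CHECK,RCVD_IN_PBL,RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL, "
    "URIBL_OB_SURBL,URIBL_SBL,USER_IN_WHITELIST autolearn=no version=3.2.4")
# Constructed sample: a whitelisted message that would have passed anyway.
CLEAN_STATUS = ("No, score=-98.9 required=4.7 "
                "tests=HTML_MESSAGE,USER_IN_WHITELIST autolearn=no version=3.2.4")

if __name__ == "__main__":
    for name, value in (("thread", THREAD_STATUS), ("clean", CLEAN_STATUS)):
        print(name, whitelist_audit(value))
```

Run over delivered mail, the `masked` flag lists the messages that reached the inbox only because of the whitelist entry.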
smtpd_sender_restrictions =
reject_non_fqdn_sender (reject email address not in user@domain.com format)
reject_unknown_sender_domain (reject mail domain.com if domain.com does not exist)
Sorry for replying so late
Yes, this is why my domain is in the whitelist, but I can't remove it from the whitelist ..........
I can't tell if it will solve the problem you are trying to solve. These restrictions act on the ENVELOPE sender; this isn't present in the email headers and body you've shown. You can see envelope sender and recipient in your logs.
You can place the restrictions above in smtpd_recipient_restrictions instead (they will just be evaluated later, when the recipient address comes in from the SMTP dialog).
There are many anti-spam measures you can take. But you have to try each out one at a time to see how they will affect your incoming mail. It is a learning experience and will take some time. Your expectations need to be reset; you will not get this done overnight. Rather, it will be something you continually tune until the system works correctly for your needs.
Quote:
Originally Posted by badboynick21
Sorry for replying so late
Yes, this is why my domain is in the whitelist, but I can't remove it from the whitelist ..........
Well, you will have to live with others forging your address (which is trivial by the way, and COMMON) and sending you spam. You simply can't have it both ways.
There are BETTER ways of allowing your mail to come through, while rejecting others. Why do you think you need that whitelist ?
Quote:
Originally Posted by badboynick21
Can you please tell me how to run a mail message through spamassassin manually?
So the question isn't so much how to allow mail to come through - that is the normal mode. The question is why are certain mails being blocked? And for this, it requires an analysis of the headers of the mail and postfix logs.
I want to make a strong point - if you are not willing to dedicate a fair amount of time and energy into learning about how mail systems work, you'll be in for a lot of troubles and surprises when trying to run your own mail server.
Something you need to get clear in your own mind. You're talking about mail as if it all fits one Good pattern, and if mail doesn't fit that pattern, then the mail is Bad. It doesn't work that way. There are an infinite number of variations of Good email, and infinite permutations of Bad. So when you say "allowing your mail to come through", or "stop the mail coming like this", I have no idea specifically what you mean by "your mail" or "like this", or what parts of the mail message should not be allowed.
I won't build your mail system for you (unless you want to hire me); but I will give you free pointers and tips along the way. You have to do the bulk of the work.
and all the relevant Content inspection documentation on the main documentation page.
You should also consider integrating an anti-virus checker in your content inspection; this alone will add a substantial amount of additional protection.
There are plenty of HowTos that people seem to like, so search the forums here for advice on which ones are best for your needs. HowTos are almost universally not how to, but are cookbook-like step-by-step recipes for putting pieces together. These are good to get you started, but I strongly believe it is important to learn HOW the system works.
I had long been looking for something similar: checking whether the mail from: SMTP command (Return-Path) and the mail header From: match, because most of the spam, virus and phishing mail nowadays identifies itself as one email but fakes the From: header.
So, as Postfix only checks one line at a time, there is no way of checking whether two lines match. SpamAssassin does not seem to do that either (as far as I have read in the rule-writing documentation, it can check two or more headers for a content, but it does not check whether they have the same content).
I developed a simple content-filter script that does the trick: it checks if the From: header matches the Return-Path (the email specified at the mail from: SMTP command). If both headers match, the message is delivered; if not, the message is discarded.
Installation is fast, usage is easy and the concept is simple! Hope you all enjoy as much as I do!
This will create problems for mailing lists that routinely use different return paths vs. From headers.
I guess it's easy for anyone to place an extra check in the content_filter script to see if the message-id or return-path is from the mailing list, and also deliver the message.
You're subscribed to one here - that's how you got notification of my response. In this case, the Return Path and From are almost identical, but you'll have to do RFC email address parsing, a non-trivial task.
There are loads of extra checks that would be required to ensure reliable delivery. Better to use a scoring system, rather than flat out reject or quarantining. Besides, there are plenty of other indicators typically in an email that will decide its spaminess or reject-worthiness (such as sending IP, RBLs, etc.).
I can consider adding a domain only check. The way it works now suits my system perfectly, dropping all those wow/aion/etc. phishing emails that come from hotmail.
Due to your previous post, I thought you were talking about mailing lists like maillist@domain.org that would have the mailing list return path, but the header From of whoever sent the email. Because of that I added a Whitelist for the Return-Path.
You are welcome to check out my blog, I hope Google translation helps. There are plenty of postfix rules that may help in exterminating spam and reducing the usage of RBL lists...
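The scoring approach suggested in this thread, as an added example; it is not the content-filter script mentioned above and not from any poster. It assumes the Return-Path header was written by the final MTA from the envelope sender, and the weights, reason strings and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical weights: contributions to a spam score, never a reject decision.
W_LOCALPART, W_LIST, W_DOMAIN, W_BAD_FROM = 0.5, 0.5, 2.0, 3.0

def _domain(addr):
    return addr.rpartition("@")[2]

def sender_mismatch(raw):
    """Return (score, reason) comparing the envelope sender with header From."""
    msg = message_from_string(raw)
    # parseaddr/getaddresses do the RFC address parsing (display names, quoting).
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    froms = [a.lower() for _, a in getaddresses(msg.get_all("From", [])) if "@" in a]
    if len(froms) != 1:
        return W_BAD_FROM, "bad-from"              # missing, unparsable or multi-address From
    if not envelope:
        return 0.0, "null-envelope"                # bounces use MAIL FROM:<>
    if envelope == froms[0]:
        return 0.0, "match"
    if _domain(envelope) == _domain(froms[0]):
        return W_LOCALPART, "localpart-mismatch"   # e.g. per-recipient bounce addresses
    if msg.get("List-Id"):
        return W_LIST, "list-mismatch"             # lists rewrite the envelope sender
    return W_DOMAIN, "domain-mismatch"

def _sample(return_path, from_, extra=""):
    return f"Return-Path: {return_path}\nFrom: {from_}\n{extra}Subject: test\n\nbody\n"

# Constructed sample messages (example.* domains only).
SAMPLES = {
    "direct": _sample("<alice@example.org>", "Alice <alice@example.org>"),
    "forged": _sample("<x91@bulk.example.net>", '"Me" <user@example.org>'),
    "list": _sample("<discuss-bounces@lists.example.com>", "bob@example.org",
                    "List-Id: <discuss.lists.example.com>\n"),
    "bounce": _sample("<>", "MAILER-DAEMON@mx.example.org"),
    "verp": _sample("<bounce+42@example.org>", "News <news@example.org>"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sender_mismatch(raw))
```

Because List-Id is supplied by the sender, it only lowers the contribution here and never zeroes it.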