how to configure postfix to reject spams
Hi, lately I have been getting lots of spam (who doesn't these days?), and I noticed that this spam is easy to detect, since from the following header information you can see the sender's address is a fake one:

Message-ID: <000901c6c1b3$38dafc30$67b20c48@ryjcud.znx>
From: "Joshua Buchanan" <inb@statusproperty.co.uk>

So I am thinking to REJECT such spam from postfix. The rule would be simple: extract the sender's actual sending domain and claimed domain from the Message-ID field and From field, and compare them. Normally these two should be the same (is it true?). Otherwise, reject. However, I am not an expert in postfix. Could anyone help with how to configure postfix to do this task efficiently? Thanks.
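The rule proposed in the question, written out as a check in Python. This is an added example, not code from the thread: it takes the host part of the Message-ID and the domain of the From address and compares them, treating a Message-ID host under the From domain (mx1.example.org under example.org) as a match. Apart from the two headers quoted above, the sample messages are constructed. The Message-ID host is assigned by whatever software generated the message and is not required to match the From domain (webmail and list servers routinely differ), so a mismatch is a weak signal to log or score, not a reason to reject on its own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Right-hand side of a Message-ID: everything after the last "@" inside <...>.
MSGID_RE = re.compile(r"<[^<>]*@([^<>@]+)>")


def message_id_domain(msg):
    """Domain part of the Message-ID header, lower-cased; None if absent/malformed."""
    m = MSGID_RE.search(msg.get("Message-ID", ""))
    return m.group(1).strip().lower() if m else None


def from_domain(msg):
    """Domain of the address in the From header, lower-cased; None if there is none."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else None


def check_msgid_vs_from(raw_message):
    """Return (verdict, message_id_domain, from_domain).

    verdict is "match" when the Message-ID host is the From domain or a host
    under it, "mismatch" otherwise, and "unknown" when either header is
    missing or unparsable.
    """
    msg = message_from_string(raw_message)
    mid_dom = message_id_domain(msg)
    frm_dom = from_domain(msg)
    if mid_dom is None or frm_dom is None:
        return ("unknown", mid_dom, frm_dom)
    if mid_dom == frm_dom or mid_dom.endswith("." + frm_dom):
        return ("match", mid_dom, frm_dom)
    return ("mismatch", mid_dom, frm_dom)


# The two headers quoted in the post, with a constructed Subject.
SPAM = (
    "Message-ID: <000901c6c1b3$38dafc30$67b20c48@ryjcud.znx>\n"
    'From: "Joshua Buchanan" <inb@statusproperty.co.uk>\n'
    "Subject: constructed sample\n\n"
)

# Constructed legitimate message: Message-ID generated by a host under the From domain.
LEGIT_SAME_DOMAIN = (
    "Message-ID: <20060816101502.GA1234@mx1.example.org>\n"
    "From: Alice <alice@example.org>\n"
    "Subject: constructed sample\n\n"
)

# Constructed legitimate message sent through a third-party webmail host:
# the rule flags it, which is why it should only warn, not reject.
LEGIT_OTHER_HOST = (
    "Message-ID: <abc123@webmail.provider.example>\n"
    "From: Bob <bob@example.org>\n"
    "Subject: constructed sample\n\n"
)

if __name__ == "__main__":
    samples = (("spam", SPAM), ("legit/same", LEGIT_SAME_DOMAIN), ("legit/other", LEGIT_OTHER_HOST))
    for label, raw in samples:
        verdict, mid, frm = check_msgid_vs_from(raw)
        print(f"{label:12s} {verdict:9s} Message-ID host={mid} From domain={frm}")
```

The third sample is the false positive to keep in mind: a perfectly ordinary message whose Message-ID was minted by the provider's server rather than the sender's own domain.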
If you only want to reject invalid sender domains, you'll need this in your /etc/postfix/main.cf:
Code:
smtpd_sender_restrictions = reject_uknown_sender_domain

There are a lot more ways to use Postfix to block spam. If you post your main.cf file I could show you things you could add to it.
Here are the related lines in my main.cf:
Code:
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no

and here is access:
Code:
enews.buy.com REJECT
lmsa.hinet.net REJECT
online.costco.com REJECT
orbitz.com REJECT

My questions are:
1) Can you have both lines in main.cf?
Code:
smtpd_sender_restrictions = hash:/etc/postfix/access
2) How does postfix decide unknown_sender_domain? Is there any false positive possibility?
Thanks.
You could change things to this for some good spam blocking. I also rearranged it a bit so it's easier to read and flows better.
Code:
smtpd_helo_required = yes

The way it checks the reject_unknown_sender_domain is by seeing if the domain has an A or MX DNS record. The only reason the from domain wouldn't have one of those records is if they're spoofing.
Thanks a lot. I will change accordingly and see how that works.

A few more questions:
1) Any changes in other postfix files?
2) How to log postfix actions so that I can see if it works properly for a few days?
3) Instead of rejecting right away, how to set up postfix so that it puts the messages deemed spam into another folder for later inspection? (I am trying to be very cautious.)
4)
Code:
smtpd_helo_required = yes
Thanks again.
1. Main.cf is the only file you need to change for now. If you want to do more advanced configurations of Postfix you might need to create/change other ones.
2. Postfix should automatically log to /var/log/mail.log. Depending on how your syslog is set up, you should have a few days of logs in there.
3. Postfix can't move files based on whether it thinks they're spam. You'd need a filter like procmail to do that. You could simply set up the rules and then place warn_if_reject right in front of them to have Postfix not actually reject email that would hit these new rules, but only place a warning in your log file so you can see what mail would have been rejected. For example:
Code:
smtpd_helo_required = yes
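To review what the dry run is doing before switching from warn_if_reject to real rejection, this added Python script (not from the thread) summarizes the restriction hits in /var/log/mail.log. With warn_if_reject in front of a restriction, Postfix accepts the mail and logs the hit as "NOQUEUE: reject_warning:" instead of "NOQUEUE: reject:"; the rest of the line has the same shape, so one regex covers both. The sample log below is constructed in that shape (hostnames and addresses are placeholders); on a real server pass the contents of /var/log/mail.log to parse_restriction_hits instead.

```python
import re
from collections import Counter

# One NOQUEUE line per restriction hit.  warn_if_reject turns "reject:" into
# "reject_warning:"; everything after it is identical.
LINE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: (?P<action>reject_warning|reject): "
    r"RCPT from (?P<client>\S+): (?P<code>\d{3}) (?P<reason>.*?); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)


def normalize_reason(reason):
    """Strip the enhanced status code and the '<thing>:' a rule fired on,
    so hits on the same rule group together regardless of sender."""
    reason = re.sub(r"^\d\.\d+\.\d+\s+", "", reason)
    reason = re.sub(r"^<[^>]*>:\s*", "", reason)
    return reason


def parse_restriction_hits(log_text):
    """Return one dict per reject/reject_warning line; other lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # connects, queue ids, deliveries: not restriction hits
        sender = m.group("sender")
        hits.append({
            "action": m.group("action"),
            "client": m.group("client"),
            "code": int(m.group("code")),
            "reason": normalize_reason(m.group("reason")),
            "sender": sender,
            "sender_domain": sender.rpartition("@")[2].lower() if "@" in sender else "<>",
            "rcpt": m.group("rcpt"),
        })
    return hits


def summarize(hits):
    """Counts by (action, reason) and, for dry-run hits only, by sender domain."""
    by_reason = Counter((h["action"], h["reason"]) for h in hits)
    would_reject = Counter(h["sender_domain"] for h in hits if h["action"] == "reject_warning")
    return by_reason, would_reject


# Constructed sample in the shape Postfix writes to /var/log/mail.log.
# The 451 line mirrors the "Server configuration error" seen later in this thread.
SAMPLE_LOG = """\
Aug 16 10:01:02 mx postfix/smtpd[27154]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 450 4.1.8 <inb@nosuchdomain.example>: Sender address rejected: Domain not found; from=<inb@nosuchdomain.example> to=<me@destination> proto=ESMTP helo=<ryjcud.znx>
Aug 16 10:02:15 mx postfix/smtpd[27154]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.11]: 504 5.5.2 <spammer>: Helo command rejected: need fully-qualified hostname; from=<rymub@sender.example> to=<me@destination> proto=SMTP helo=<spammer>
Aug 16 10:03:40 mx postfix/smtpd[27160]: NOQUEUE: reject: RCPT from mail.sender.example[198.51.100.5]: 554 5.7.1 <news@enews.buy.com>: Sender address rejected: Access denied; from=<news@enews.buy.com> to=<me@destination> proto=ESMTP helo=<mail.sender.example>
Aug 16 10:04:01 mx postfix/smtpd[27160]: NOQUEUE: reject: RCPT from destination.domain: 451 Server configuration error; from=<me@origin> to=<me@destination> proto=ESMTP helo=<destination_mail_server>
Aug 16 10:04:05 mx postfix/smtpd[27161]: connect from relay.example.net[198.51.100.9]
Aug 16 10:04:06 mx postfix/smtpd[27161]: 3B2C1A0: client=relay.example.net[198.51.100.9]
"""

if __name__ == "__main__":
    hits = parse_restriction_hits(SAMPLE_LOG)
    by_reason, would_reject = summarize(hits)
    for (action, reason), n in by_reason.most_common():
        print(f"{n:4d}  {action:15s} {reason}")
    print("sender domains that would have been rejected under warn_if_reject:")
    for domain, n in would_reject.most_common():
        print(f"{n:4d}  {domain}")
```

Two things to look for in the summary before removing warn_if_reject: reject_warning hits on domains you know to be legitimate (a false positive in the new rule), and any "Server configuration error" entries, which mean a restriction name is misspelled and Postfix is deferring all mail rather than filtering it.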
Thanks a lot again.

My pleasure.
Hi, I just tested by sending an email between my accounts on different domains, but got the following error:
Code:
postfix/smtpd[27154]: warning: unknown smtpd restriction: "reject_uknown_sender_domain"
postfix/smtpd[27154]: NOQUEUE: reject: RCPT from destination.domain: 451 Server configuration error; from=<me@origin> to=<me@destination> proto=ESMTP helo=<destination_mail_server>
How to fix it? Thanks.
My mistake... it's a spelling error. Left out an "n" in unknown.
Change it in your main.cf file to: reject_unknown_sender_domain
Yep, works. Actually the mistake was mine. I just copied your lines without looking more carefully.
Thanks a lot again.
Now here came a real test. I got another spam, and here is the related header information:
Code:
Return-Path: <rymub@xbeyond.fsnet.co.uk>
When postfix checks the sender's address, how does it know the sender's address is a known (maybe valid instead) address? And how to catch this type of spam? Probably back to my original questions? Thanks.
A sender address can be spoofed very easily. Postfix has no way of knowing whether the email address the sender provides is a real email address or not. All Postfix can do is check to see if the domain.com portion of the email address exists using the reject_unknown_sender_domain rule and, in this case, this domain does exist and has an MX record so it passes that check.
Code:
dig mx xbeyond.fsnet.co.uk
For my SPAM, and I get lots of it, I use a combination of spamassassin and sieve. All the messages identified as SPAM go from my Inbox to my SPAM mailbox automatically. A couple of times per week I check my SPAM folder to see if there are any false positives. If I do get a repeating false negative then I use SPAMCop to report it.
Is there any way for postfix to check the sender's domain against the sending address, i.e., the IP in the Received from field? Since, as you said, a sender's address can be spoofed easily, while the sending address is not unless the ISP is collaborating.