Old 09-25-2007, 10:33 AM   #1
zok
Postfix: Rejecting Messages "from=<>"


So we're getting hammered with spam to invalid addresses in our domain. Looking at our Postfix logs, I see that they're coming from a null "from" address. Here's an example in our Postfix logs:

Sep 25 10:53:14 cork postfix/nqmgr[1693]: DD6E443E1C: from=<>, size=4363, nrcpt=1 (queue active)

I'm not sure if this blank from field is the "Send From" field or some other field (anyone know?). I've provided an example below of the headers and contents of one of these messages (I apologize for any obscenities in the message; also, I've removed the hostnames and IPs of our servers).

Configuring our spam service is another step I need to take, since right now it's only scanning messages with valid recipients, but does anyone know how to configure postfix to automatically drop emails that are "from=<>"? We're running postfix 2.0.16-14 on a Redhat AS 3 machine. Let me know if you need any additional info. The example message follows. Thanks for any suggestions.


*** ENVELOPE RECORDS active/D/DD6E443E1C ***
message_size: 4363 158 1
arrival_time: Tue Sep 25 10:53:14 2007
named attribute: message_origin=local
sender:
original recipient: +._-Jansson@alternatis.net
recipient: +._-Jansson@alternatis.net
*** MESSAGE CONTENTS active/D/DD6E443E1C ***
Received: by <our mail server> (Postfix)
id DD6E443E1C; Tue, 25 Sep 2007 10:53:14 -0400 (EDT)
Date: Tue, 25 Sep 2007 10:53:14 -0400 (EDT)
From: MAILER-DAEMON@<our organization> (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: +._-Jansson@alternatis.net
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="C05BC43F36.1190731994/<our mail server>"
Message-Id: <20070925145314.DD6E443E1C@<our mail server>>

This is a MIME-encapsulated message.

--C05BC43F36.1190731994/<our mail server>
Content-Description: Notification
Content-Type: text/plain

This is the Postfix program at host <our mail server>.

I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the message returned below.

The Postfix program

<egounot1@<our organization>>: unknown user: "egounot1"

--C05BC43F36.1190731994/<our mail server>
Content-Description: Delivery error report
Content-Type: message/delivery-status

Reporting-MTA: dns; <our mail server>
Arrival-Date: Tue, 25 Sep 2007 10:53:14 -0400 (EDT)

Final-Recipient: rfc822; egounot1@<our organization>
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; unknown user: "egounot1"

--C05BC43F36.1190731994/<our mail server>
Content-Description: Undelivered Message
Content-Type: message/rfc822

Received: from localhost (<our virus scanning server> [<our virus scanning server IP>])
by <our mail server> (Postfix) with ESMTP id C05BC43F36
for <egounot1@<our organization>>; Tue, 25 Sep 2007 10:53:14 -0400 (EDT)
Received: from <our mail server> ([<our mail server IP>])
by localhost (<our virus scanning server> [<our virus scanning server IP>]) (amavisd-new, port 10024)
with ESMTP id 02100-09 for <egounot1@<our organization>>;
Tue, 25 Sep 2007 10:53:13 -0400 (EDT)
Received: from psmtp.com (chip8mx68.postini.com [64.18.15.128])
by <our mail server> (Postfix) with SMTP id B06F443E1C
for <egounot1@<our organization>>; Tue, 25 Sep 2007 10:53:13 -0400 (EDT)
Received: from source ([89.3.19.113]) by chip8mx68.postini.com ([64.18.7.11]) with SMTP;
Tue, 25 Sep 2007 09:52:59 CDT
Received: by 10.133.104.109 with SMTP id CSuGFahARLbIi;
Tue, 25 Sep 2007 16:52:37 +0200 (GMT)
Received: by 192.168.157.213 with SMTP id hRcoMdikwcNWvQ.8983913879924;
Tue, 25 Sep 2007 16:52:35 +0200 (GMT)
Message-ID: <000e01c7ff83$b3ed23d0$71130359@LEONIEGUY>
From: "Jaakko Jansson" <Jansson@alternatis.net>
To: <egounot1@<our organization>>
Subject: {mhyrnas
Date: Tue, 25 Sep 2007 16:52:32 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0004_01C7FF94.7775F3D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3028
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
X-Antivirus: avast! (VPS 000776-1, 24/09/2007), Outbound message
X-Antivirus-Status: Clean
X-pstn-levels: (S: 0.02540/98.67781 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-Virus-Scanned: amavisd-new at <our virus scanning server>

------=_NextPart_000_0004_01C7FF94.7775F3D0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

http://www.kthsrd.com/
Wazzup egounot1
I always wanted a bigger cock, so did my wife!

Jaakko Jansson
------=_NextPart_000_0004_01C7FF94.7775F3D0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.3059" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT Arial size=3D2><A=20
HREF=3D"http://www.kthsrd.com/">http://www.kthsrd.com/</A></FONT></DIV>
<DIV><FONT Arial size=3D2>Wazzup egounot1</FONT></DIV>
<DIV><FONT Arial size=3D2>I always wanted a bigger cock, so did my =
wife!</FONT></DIV>
<DIV><FONT Arial size=3D2></FONT></DIV>
<DIV><FONT Arial size=3D2>Jaakko Jansson</FONT></DIV></BODY></HTML>

------=_NextPart_000_0004_01C7FF94.7775F3D0--


--C05BC43F36.1190731994/<our mail server>--
*** HEADER EXTRACTED active/D/DD6E443E1C ***
return_receipt:
errors_to:
*** MESSAGE FILE END active/D/DD6E443E1C ***
 
Old 09-25-2007, 02:02 PM   #2
marozsas
I believe spamassassin, which has a nice integration with postfix, could handle this special case of null sender.
Try the general solution first and the special cases after.
There is a good chance any spam service will get rid of these e-mails.

cheers,
 
Old 09-26-2007, 10:42 AM   #3
zok
We used to use spamassassin, but we're using an outside service now -- Postini. We may be able to configure Postini to do this, but I figured it'd be quicker and easier to do it in Postfix first. Thanks for the info, though; I may just go ahead and try to find a way to do it in Postini.
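
Added example (not part of the thread, and not Postfix code): the queue-file dump in the first post carries message_origin=local, an empty sender: record and a multipart/report body, which marks it as a bounce generated by the poster's own server. This Python reads those same fields from a postcat-style dump to separate locally generated bounces from null-sender mail arriving from outside; the sample dump, the example.org / example.net domains, the function name and the verdict names are constructed for illustration.

```python
import re

# Constructed sample: a shortened postcat-style dump modelled on the one in
# the first post. example.org / example.net are placeholder domains.
SAMPLE = """\
*** ENVELOPE RECORDS active/D/DD6E443E1C ***
message_size: 4363 158 1
named attribute: message_origin=local
sender:
recipient: forged@example.net
*** MESSAGE CONTENTS active/D/DD6E443E1C ***
From: MAILER-DAEMON@example.org (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status;

Final-Recipient: rfc822; egounot1@example.org
Action: failed
Diagnostic-Code: X-Postfix; unknown user: "egounot1"
*** MESSAGE FILE END active/D/DD6E443E1C ***
"""

def classify(dump):
    """Classify a queue-file dump by envelope sender and message origin."""
    envelope, _, content = dump.partition("*** MESSAGE CONTENTS")
    env = {}
    for line in envelope.splitlines():
        if line.startswith("***") or ":" not in line:
            continue
        key, _, val = line.partition(":")
        if key == "named attribute":          # e.g. message_origin=local
            key, _, val = val.partition("=")
        env.setdefault(key.strip(), val.strip())
    # Addresses the original delivery failed for, taken from the DSN part.
    failed = re.findall(r"^Final-Recipient:\s*rfc822;\s*(\S+)", content, re.M)
    null_sender = env.get("sender") == ""     # "sender:" record present, empty
    is_dsn = "report-type=delivery-status" in content
    if null_sender and is_dsn and env.get("message_origin") == "local":
        verdict = "local-bounce"              # generated by this host itself
    elif null_sender:
        verdict = "inbound-null-sender"       # e.g. a bounce from another MTA
    else:
        verdict = "normal"
    return {"verdict": verdict, "bounce_to": env.get("recipient"),
            "failed_rcpt": failed}

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A "local-bounce" verdict means the null sender was created on this host after it had already accepted mail for an unknown user, so a restriction applied to incoming from=<> mail would never see that message.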
 
  

