Re: [exim] Help with our postmaster@my.domain being spoofed …

Góra strony
Delete this message
Reply to this message
Autor: Ian Eiloart
Data:  
Dla: exim-users, Exim-users
Temat: Re: [exim] Help with our postmaster@my.domain being spoofed as a senderaddress


--On 26 October 2006 16:43:19 +0200 exim-users@??? wrote:

> paul.mcilfatrick@??? schrieb:
>> Hi
>>
>> Having searched the exim mail archives and not found my problem there I
>> thought of asking the experts.
>>
>> I am postmaster for a local company mail server (it is running Exim
>> 4.63) that receives its e-mail from our company mail relay which does
>> the virus checking of the e-mail as it arrives into the company.
>>
>> We have a lot of e-mail arriving for users that have left the company
>> and so I created a reject-list file which is checked in the
>> acl_smtp_rcpt acl so that these e-mails are rejected early which saves
>> on downloading them and running them through Spamassassin (use sa-exim).
>>
>> This works fine for most of this type of spam.
>>
>> But lately, an increasing percentage of this spam is arriving with the
>> sender spoofed to be postmaster@??? (i.e. me) and when Exim issues
>> a deny because the recipient has left I then get an e-mail from the
>> postmaster of our company mail relay sent to postmaster@??? to
>> inform me that the e-mail to jbloggs@??? failed because of unknown
>> user!
>>
>>
>> How can I reject this type of spam without getting the e-mail from
>> postmaster of our company mail relay?
>
> Paul,
>
> your local MTA is doing fine, but your company mail relay needs to do
> recipient verification for the domains it is relaying to, instead of
> accepting mail for recipients that don't exist. Otherwise you will
> always get their collateral spam.


That's what he's doing. The collateral spam probably wasn't originally
aimed at his users.

Paul, if you *never* send email from the postmaster address, then you can
safely reject messages with null sender that are addressed to postmaster -
but do this in the data acl otherwise you may fall foul of sender
verification callouts.

>
> Patrick Eisenacher




--
Ian Eiloart
IT Services, University of Sussex