Re: [exim] Help with our postmaster@my.domain being spoofed …

Author: Beber
Date:
To: Ian Eiloart
CC: Exim-users, exim-users
Subject: Re: [exim] Help with our postmaster@my.domain being spoofed as a senderaddress
On Thursday 26 October at 15:53:36, Ian Eiloart wrote:

>
>
> --On 26 October 2006 16:43:19 +0200 exim-users@??? wrote:
>
> > paul.mcilfatrick@??? wrote:
> >> Hi
> >>
> >> Having searched the exim mail archives and not found my problem there I
> >> thought of asking the experts.
> >>
> >> I am postmaster for a local company mail server (it is running Exim
> >> 4.63) that receives its e-mail from our company mail relay which does
> >> the virus checking of the e-mail as it arrives into the company.
> >>
> >> We have a lot of e-mail arriving for users that have left the company
> >> and so I created a reject-list file which is checked in the
> >> acl_smtp_rcpt acl so that these e-mails are rejected early which saves
> >> on downloading them and running them through Spamassassin (use sa-exim).
> >>
> >> This works fine for most of this type of spam.
> >>
> >> But lately, an increasing percentage of this spam is arriving with the
> >> sender spoofed to be postmaster@??? (i.e. me) and when Exim issues
> >> a deny because the recipient has left I then get an e-mail from the
> >> postmaster of our company mail relay sent to postmaster@??? to
> >> inform me that the e-mail to jbloggs@??? failed because of unknown
> >> user!
> >>
> >>
> >> How can I reject this type of spam without getting the e-mail from
> >> postmaster of our company mail relay?
> >
> > Paul,
> >
> > your local MTA is doing fine, but your company mail relay needs to do
> > recipient verification for the domains it is relaying to, instead of
> > accepting mail for recipients that don't exist. Otherwise you will
> > always get their collateral spam.
>
> That's what he's doing. The collateral spam probably wasn't originally
> aimed at his users.
>
> Paul, if you *never* send email from the postmaster address, then you can
> safely reject messages with null sender that are addressed to postmaster -
> but do this in the data acl otherwise you may fall foul of sender
> verification callouts.


Isn't it more a "From" checking rule that is needed?

The From header could be checked and allowed if the real sender comes from an
auth or relay_from_hosts?

I don't know how to do that, and so it could help me too.

--
Beber - E-Mail / Jabber (+GMail) : beber_AT_meleeweb.net
http://www.meleeweb.net
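
The rule Ian Eiloart describes in the quoted text above (refuse null-sender mail to postmaster, but only at DATA), as an added Exim ACL example that is not part of the thread. The ACL names, the `+local_domains` list and the use of `acl_m0` are assumptions about the local configuration.

```exim
# Added example, not from the original thread.
# Assumed: ACL names acl_check_rcpt / acl_check_data, a domainlist called
# local_domains, and acl_m0 not being used for anything else.

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

begin acl

acl_check_rcpt:
  # Flag a null-sender (bounce) RCPT for postmaster, but do not reject yet.
  # Sender-verification callouts from other hosts also use MAIL FROM:<> and
  # stop after RCPT, so a deny at this stage would make those callouts fail.
  warn    senders     = :
          local_parts = postmaster
          domains     = +local_domains
          set acl_m0  = bounce_to_postmaster

  # ... existing RCPT checks (reject-list lookup, relay control) go here ...

acl_check_data:
  # A callout never gets as far as DATA, so a flagged message that reaches
  # this ACL is a real bounce. Only valid if postmaster never sends mail.
  # The deny applies to the whole message, including any other recipients.
  deny    condition   = ${if eq{$acl_m0}{bounce_to_postmaster}}
          message     = postmaster sends no mail, so bounces to it are refused

  # ... existing DATA checks go here ...
  accept
```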