From: Bart-Jan Vrielink (no email)
Date: Fri Mar 01 2002 - 08:23:13 EST
On Fri, 2002-03-01 at 13:56, Jose Sebastiao Martins wrote:
> We are receiving many UCE with headers like:
>
> Delivered-To:
> From: "tiao " <>
> To: "tiao" <>
> Subject: tiao , GANHE AGORA UM FONE DE OUVIDO PARA SEU CELULAR!
> Date: Thu, 28 Feb 02 19:05:20 Hora oficial do Brasil
> X-Mailer: Microsoft Outlook Express 6.00.2462.0000
>
> OPORTUNIDADE.com.br does not exist (cann't ping or telnet)
It does exist, because it has a valid mx record:
OPORTUNIDADE.com.br MX 10 mail.matrix.com.br
You left out the most interesting headers, so we don't know from which
machine this UCE came.
> Here is a snipped postconf -n:
>
> header_checks = regexp:/etc/postfix/header_checks
> inet_interfaces = all
> local_recipient_maps = $alias_maps unix:passwd.byname
> mydestination = $mydomain, $myhostname, localhost.$mydomain
> mydomain = efoa.br
> myhostname = int.efoa.br
> mynetworks = 200.179.120.0/24, 200.179.121.0/24, 127.0.0.0/8
> body_checks = regexp:/etc/postfix/body_checks
> smtpd_client_restrictions =
> smtpd_helo_restrictions =
> smtpd_recipient_restrictions =
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> permit_mynetworks,
> reject_unauth_destination,
>
> Is there a way to reject this kind of UCE?
If the mail came from a host which is in one of the rbl's, then you
could consider using those.
You could add the sender's email-adress to a blacklist, but that only
helps when he spams again or you could add certain words found in the
header or body to your header or body_checks.
You could consider using spamassassin or something else to filter your
mail if you can afford the CPU cycles it takes to analyse the mail.
-- Tot ziens, Bart-Jan - To unsubscribe, send mail to with content (not subject): unsubscribe postfix-users
|
|
|