From: Robert Dalton (no email)
Date: Sat Jun 01 2002 - 02:20:51 EDT
Hi !
monkeys.com has a old postfix patch for stopping frequently forged domains. It
compares the MAIL FROM: domain with the smtp client PTR record. If these 2 don't
match up with parent or subdomains, it rejects the email. Their selective test
is only applied when the sender domain claims to be from a list of frequently
forged domains like hotmail.com, and yahoo.com. They claim that only a small
amount of valid email was rejected using this on production servers.
http://www.monkeys.com/anti-spam/filtering/additions.html
I've previously asked about a feature like this, but there were concerns about
rejecting legitimately forwarded email.
Im wondering if a rewrite of this patch has any potential of becoming part of a
current snapshot. It looks like a nice feature to have in postfix.
As I was writing this I thought of a method that may help with this problem,
using what's available in recent postfix releases. This will selectively
reject email claiming to be from hotmail, yahoo, etc... if the smtp client
ip address has no PTR record.
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
...other stuff...
check_sender_access hash:/etc/postfix/forged_domains
...other stuff...
/etc/postfix/forged_domains
hotmail.com reject_unknown_client
yahoo.com reject_unknown_client
msn.com reject_unknown_client
....more listings....
Im testing this now, and it works.
Thanks,
;)
--- Robert Dalton AccessWest.com - To unsubscribe, send mail to with content (not subject): unsubscribe postfix-users
|
|
|