From: Bobby (no email)
Date: Tue Mar 01 2005 - 13:31:57 EST
Dear All,
thanks to all of you for your answers. Well, the problem is serious, and it is a problem. I say that, because it is spam again, using the RFC.
So, let's say we do not want to stop mail from <> to our own users. That will cause a large amount of viruses and other spam reaching them.
But, there is also another problem - relaying. I am sure there is a way to stop it. And I am also sure you can help with that. Maybe this could be the first step of making just a little better configuration :)
Here is an example of a relay-abusing mail from <>:
postfix/qmgr[777]: 1BA0874C2BB: from=<>, size=6707, nrcpt=1 (queue active)
postfix/smtp[16307]: warning: no MX host for cyberinbox.com has a valid A record
postfix/smtp[16307]: 1BA0874C2BB: to=<>, relay=none, delay=0, status=bounced ([dev.null]: Name or service not known)
postfix/qmgr[777]: 1BA0874C2BB: removed
Well:
;; QUESTION SECTION:
;cyberinbox.com. IN MX
;; ANSWER SECTION:
cyberinbox.com. 928 IN MX 0 dev.null.
;; AUTHORITY SECTION:
cyberinbox.com. 170117 IN NS ns2.adrress.com.
cyberinbox.com. 170117 IN NS ns1.adrress.com.
postfix/qmgr[777]: 6DF1674C2BE: from=<>, size=4048, nrcpt=1 (queue active)
postfix/smtp[16322]: connect to mail.cgocable.com[24.226.1.11]: Connection timed out (port 25)
postfix/smtp[16322]: 6DF1674C2BE: to=<>, relay=none, delay=220013, status=deferred (connect to mail.cgocable.com[24.226.1.11]: Connection timed out)
And just for today I have 148 mails with from=<>. I am sure these are not bounces :)
So, how about that?! Well, it does produce a lot of garbage and relays spam to some MTA on the net.
I am quite sure my server won't get listed as an open relay for that. But at least I don't want to fill up my bandwidth with this garbage.
All mail to unknown recipients in my domain gets rejected. Let us reject mail from <> to other users also.
Hope that you can help!
Best regards,
Bobby
Alimex
Sunday, February 27, 2005, 3:06:00 AM, you wrote:
RLF> Are you acquainted with the listing policy of the RHSBl at
RLF> dsn.rfc-ignorant.org?
RLF> http://www.rfc-ignorant.org/policy-dsn.php
RLF> Consider reading it. You may find yourself in an area where RFC and
RLF> reality clash. BTW, do you have an example of one of these null-sender
RLF> emails and is it addressed to a valid user?
RLF> Bobby wrote:
>> Dear All,
>>
>>
>> using alias checking and restrictions on the sender and recipient I
>> managed to put together a very nice configuration of postfix.
>>
>> A lot of spam is stopped at my MX.
>>
>>
>> However I still cannot stop mail with missing sender address, where the
>> field from=<>.
>>
>>
>> On Feb 16th Stefan Schleifer wrote about a misconfiguration on his
>> machine that actually stopped such mail.
>>
>>
>> said: 554 <>: Sender address rejected: Access denied (in reply to RCPT
>> TO command)
>>
>>
>>
>> Could anyone help me with configuration tips to remedy this?!
>>
>>
>> Thank you!
>>
>>
>> Best regards,
>>
>> Bobby
>>
>> Alimex
>>
>>
>>
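Added example, not part of the thread: a Python script that groups Postfix log lines in the format quoted above by queue ID and separates null-sender (from=<>) mail handed to the smtp client for remote delivery from null-sender mail delivered locally. The sample log is constructed for illustration, and the function name summarize_null_sender is hypothetical.

```python
import re

# Constructed sample in the format of the log lines quoted in the message;
# queue IDs, hosts and addresses are made up for this example.
SAMPLE_LOG = """\
postfix/qmgr[777]: AAAA000001: from=<>, size=6707, nrcpt=1 (queue active)
postfix/smtp[100]: AAAA000001: to=<a@remote.example>, relay=none, delay=0, status=bounced (Name or service not known)
postfix/qmgr[777]: AAAA000002: from=<>, size=4048, nrcpt=1 (queue active)
postfix/smtp[101]: AAAA000002: to=<b@remote.example>, relay=none, delay=220013, status=deferred (Connection timed out)
postfix/qmgr[777]: AAAA000003: from=<>, size=2100, nrcpt=1 (queue active)
postfix/local[102]: AAAA000003: to=<user@mydomain.example>, relay=local, delay=1, status=sent (delivered to mailbox)
postfix/qmgr[777]: AAAA000004: from=<sender@mydomain.example>, size=900, nrcpt=1 (queue active)
postfix/smtp[103]: AAAA000004: to=<c@remote.example>, relay=mx.remote.example[192.0.2.10], delay=2, status=sent (250 ok)
"""

# qmgr logs the envelope sender once per queue run; an empty <> is the null sender.
QMGR = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
# Delivery agents (smtp, local, virtual, ...) log the recipient and final status.
DELIVERY = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*?status=(\w+)")


def summarize_null_sender(log_text):
    """Map null-sender queue IDs to delivery statuses, split by direction."""
    null_ids = set()
    attempts = {}  # queue id -> [(delivery agent, status)]
    for line in log_text.splitlines():
        m = QMGR.search(line)
        if m:
            if m.group(2) == "":
                null_ids.add(m.group(1))
            continue
        m = DELIVERY.search(line)
        if m:
            attempts.setdefault(m.group(2), []).append((m.group(1), m.group(4)))
    result = {"outbound": {}, "local": {}}
    for qid in sorted(null_ids):
        if qid not in attempts:
            continue  # still queued, no delivery attempt logged yet
        agents = {agent for agent, _ in attempts[qid]}
        # postfix/smtp is the client that delivers to other hosts; every
        # other agent is treated as local delivery in this example.
        key = "outbound" if "smtp" in agents else "local"
        result[key][qid] = [status for _, status in attempts[qid]]
    return result


if __name__ == "__main__":
    for direction, msgs in summarize_null_sender(SAMPLE_LOG).items():
        print(direction, len(msgs), msgs)
```

Deferred messages are retried, so one queue ID can carry several statuses; counting queue IDs rather than log lines avoids inflating the total.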