On 24 Apr 2003, Dr. Peter Boy wrote:
> Am Don, 2003-04-24 um 05.56 schrieb Tom Diehl:
> > I just got done configuring postfix to reject
> > mail that claims to be from the above domains but does not come from their
> > servers. I think this is a better way of rejecting spam without just dumping
> > mail from dialups. Unfortunately not everyone agrees with me.
>
> Tom, could you describe how you configured your postfix or post a link where
> I can find information how to set it up? (I couldn't find sufficient information
> yet).
Below is the message Wietse sent to the postfix-users list last year:
Date: Thu, 1 Aug 2002 11:21:45 -0400 (EDT)
From: Wietse Venema <wietse@xxxxxxxxxxxxx>
Reply-To: Postfix users <postfix-users@xxxxxxxxxxx>
To: Postfix users <postfix-users@xxxxxxxxxxx>
Subject: Rejecting hotmail from non-hotmail sites etc.
Noel Jones:
> At 10:51 AM 8/1/02 -0400, Vivek Khera wrote:
> >What I do is block hotmail.com senders when the remote server's DNS
> >name is not within the hotmail.com domain. Only occasionally does
> >this have a false positive: when someone uses, eg, Evite to send me an
> >invitation with a hotmail address, and when hotmail's DNS is hosed or
> >misconfigured for a while.
> >
> >I do the same for @yahoo.com, @msn.com, and @aol.com addresses as
> >well.
>
> care to share how you are doing this?
Either one uses a patch from Ron Guilmette, or one uses existing
Postfix features and some duct tape that does almost the same:
it stops mail from aol.com, hotmail.com etc. that does not come
from an aol.com, hotmail.com or legitimate forwarding site.
The result looks like this:
Jul 31 00:31:59 spike postfix/smtpd[56456]: reject: RCPT from
dyn-0.pat.lac00-nrp7.cha.dsl.cantv.net[200.11.240.121]: 554
<name-witheld@xxxxxxxxx>: Sender address rejected: Mail must
be sent from yahoo.com systems; from=<name-witheld@xxxxxxxxx>
to=<name-witheld@xxxxxxxxxxxxxx>
Limitation: this will accept mail from user@xxxxxxxxxxx that is
sent from an aol.com machine, but that is not a problem for me.
Configuration example below.
Wietse
/etc/postfix/main.cf:
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/spoof_sender_map
smtpd_restriction_classes = match_client_domain
match_client_domain =
reject_unknown_client
check_client_access hash:/etc/postfix/spoof_client_map
check_sender_access regexp:/etc/postfix/strict_client.regexp
reject
# List of domains that are often forged.
/etc/postfix/spoof_sender_map:
aol.com match_client_domain
hotmail.com match_client_domain
yahoo.com match_client_domain
# The above domains, plus any sites that are legitimate mail forwarders.
/etc/postfix/spoof_client_map:
aol.com OK
hotmail.com OK
yahoo.com OK
legitimate.forwarder.com OK
# Tell anyone else to bugger off.
/etc/postfix/strict_client.regexp:
/@([^@]+)$/ 554 Mail must be sent from $1 systems
HTH,
--
.............Tom "Nothing would please me more than being able to
tdiehl@xxxxxxxxxxxx hire ten programmers and deluge the hobby market
with good software." -- Bill Gates 1976
We are still waiting ....
--
Psyche-list mailing list
Psyche-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/psyche-list
