[ale] Strange sendmail (and postfix) spam issue: accepting fail "from" myself?

Alex Carver agcarver+ale at acarver.net
Tue Mar 29 14:30:38 EDT 2016


I would first enable reverse DNS checks.  That would probably put an
instant stop to the practice because the IP and domain won't match.

It will also stop mail coming in from hosts without reverse DNS but
that's an option to weigh (and maybe not the best choice if this is the
server I'm thinking it is).

Alternatively set up a rule that if the from domain matches yours, it
must also match your IP address.

On 2016-03-29 09:53, Derek Atkins wrote:
> Hi,
> 
> I've got a recently-occurring spam issue that I'm trying to solve.  And
> apparently it's happening on two different servers running both sendmail
> and postfix.  The issue is that someone is connecting from a remote
> system, claiming to be "from" my domain, and sending mail "to" my
> domain.
> 
> In other words, they connect to mail.foo.example claiming to be
> from: sales at foo.example and sending to: user at foo.example.  For some
> reason this is making it past my spam checks, and I don't know why.
> 
> Strangely, this is happening both in postfix and in sendmail.
> 
> It's quite annoying, and getting more.. "popular".
> 
> Any advice from the crowd?
> 
> I'm happy to share configuration data privately; on the sendmail side I
> *do* use relay_based_on_MX; maybe that has something to do with it?
> 
> On the postfix side, I might need to explicitly disallow senders
> claiming to be from my own domain that aren't authenticated; I suppose I
> need to add "reject_unlisted_sender" to my smtpd_sender_restrictions?
> 
> Thanks,
> 
> -derek
> 
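
Added example, not part of the original thread or of either poster's configuration: a Python sketch of the rule suggested in the reply above (a sender in your own domain must also come from your own IP address, unless the session is authenticated), written against the name=value request format of Postfix's SMTP access policy delegation. The domain foo.example is the thread's placeholder; the network range, the sample request and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions for illustration: foo.example is the placeholder domain from the
# thread; the network below is a constructed documentation range.
OWN_DOMAINS = {"foo.example"}
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

def parse_request(text):
    """Parse one policy-delegation request (name=value lines)."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # an empty line ends the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs):
    """Return the access action for one envelope sender / client pair."""
    sender = attrs.get("sender", "")
    domain = sender.rpartition("@")[2].lower().rstrip(".")
    # Subdomains of our domain are treated as ours too (a design choice here).
    own = any(domain == d or domain.endswith("." + d) for d in OWN_DOMAINS)
    if not own:
        return "DUNNO"  # foreign or null sender: leave it to the other checks
    if attrs.get("sasl_username"):
        return "DUNNO"  # authenticated submission may use our domain
    try:
        client = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return "REJECT local sender domain but client address is unknown"
    if any(client in net for net in OWN_NETWORKS):
        return "DUNNO"  # our own host sending as our domain
    return "REJECT sender claims %s but %s is not one of our hosts" % (domain, client)

def respond(text):
    """Full reply to the MTA: one action line followed by an empty line."""
    return "action=%s\n\n" % decide(parse_request(text))

# Constructed sample request shaped like the case described in the thread:
# a remote client using our own domain as envelope sender, no authentication.
SPOOFED = ("request=smtpd_access_policy\nclient_address=203.0.113.45\n"
           "sender=sales@foo.example\nrecipient=user@foo.example\n"
           "sasl_username=\n\n")

if __name__ == "__main__":
    print(respond(SPOOFED), end="")
```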


