[ale] Strange sendmail (and postfix) spam issue: accepting fail "from" myself?

Derek Atkins derek at ihtfp.com
Tue Mar 29 15:04:14 EDT 2016


Hi,

On Tue, March 29, 2016 2:30 pm, Alex Carver wrote:
> I would first enable reverse DNS checks.  That would probably put an
> instant stop to the practice because the IP and domain won't match.
>
> It will also stop mail coming in from hosts without reverse DNS but
> that's an option to weigh (and maybe not the best choice if this is the
> server I'm thinking it is).

Yeah, unfortunately I can't turn that on because of real v6 clients
connecting.  I've turned it on before and been yelled at because it blocks
too much.  :(

> Alternatively set up a rule that if the from domain matches yours, it
> must also match your IP address.

This is something I'd love.  So, how do I do this in sendmail-speak?
I've spent too much time googling and haven't found a macro that does it,
and honestly these days my sendmail config fu is based on what's in the
.m4 macro documentation.  :(

Help?

-derek

>
> On 2016-03-29 09:53, Derek Atkins wrote:
>> Hi,
>>
>> I've got a recently-occurring spam issue that I'm trying to solve.  And
>> apparently it's happening on two different servers running both sendmail
>> and postfix.  The issue is that someone is connecting from a remote
>> system, claiming to be "from" my domain, and sending mail "to" my
>> domain.
>>
>> In other words, they connect to mail.foo.example claiming to be
>> from: sales at foo.example and sending to: user at foo.example.  For some
>> reason this is making it past my spam checks, and I don't know why.
>>
>> Strangely, this is happening both in postfix and in sendmail.
>>
>> It's quite annoying, and getting more.. "popular".
>>
>> Any advice from the crowd?
>>
>> I'm happy to share configuration data privately; on the sendmail side I
>> *do* use relay_based_on_MX; maybe that has something to do with it?
>>
>> On the postfix side, I might need to explicitly disallow senders
>> claiming to be from my own domain that aren't authenticated; I suppose I
>> need to add "reject_unlisted_sender" to my smtpd_sender_restrictions?
>>
>> Thanks,
>>
>> -derek
>>


-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant
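
The rule discussed above (a sender in your own domain is accepted only from your own IP addresses or, as raised for the postfix side, from an authenticated client), written as the decision function of a Postfix policy delegation service. This is an added example, not part of the original message; `foo.example` is the thread's placeholder domain, and the network ranges, sample request and function names are assumptions made for illustration.

```python
import ipaddress

# Assumptions: foo.example is the thread's placeholder domain; the networks
# are constructed documentation ranges standing in for "my own IP addresses".
LOCAL_DOMAINS = {"foo.example"}
OWN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "::1/128", "192.0.2.0/24", "2001:db8:1::/48")]

# Constructed sample request: an outside host claiming a foo.example sender.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=203.0.113.7\nsender=sales@foo.example\n"
          "recipient=user@foo.example\nsasl_username=\n\n")


def parse_request(text):
    """Parse one policy delegation request: name=value lines, blank line ends it."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def decide(attrs):
    """Return the access action for one request (DUNNO = no opinion)."""
    sender = attrs.get("sender", "")
    domain = sender.rpartition("@")[2].lower().rstrip(".")
    if domain not in LOCAL_DOMAINS:
        return "DUNNO"  # foreign senders and the null sender used by bounces
    if attrs.get("sasl_username"):
        return "DUNNO"  # authenticated client may use the local domain
    try:
        client = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return "DEFER_IF_PERMIT cannot verify client address"
    if any(client in net for net in OWN_NETWORKS):
        return "DUNNO"  # our own host, IPv4 or IPv6, no reverse DNS involved
    return "REJECT sender in local domain from outside host"


if __name__ == "__main__":
    print("action=" + decide(parse_request(SAMPLE)))
```

The check compares addresses only, so IPv6 clients without reverse DNS are unaffected unless they claim a local sender from outside the listed networks.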


