postfix
Andrey, 2016-04-04 10:04:04

How to protect yourself from spoofing the sender's address?

Hello! I have my own mail server. Lately, spam has been on the rise because:
1) Spammers send a valid HELO
2) Spammers have a PTR and all their hosts exist and resolve
3) The spammer's IP is not blacklisted by Spamhaus and other DNSRBLs
4) Spammers send emails from existing mail.ru addresses, but not from mail.ru servers
For example:
Apr 4 11:28:03 server2 postfix/smtpd[27030]: connect from 88.249.121.213.dynamic.ttnet.com.tr[88.249.121.213]
Apr 4 11:28:03 server2 postfix/smtpd[27030]: AEE963C60731: client=88.249.121.213.dynamic.ttnet.com.tr[88.249.121.213]
Apr 4 11:28:04 server2 postfix/cleanup[27079]: AEE963C60731: message-id=< [email protected]>
Apr 4 11:28:04 server2 postfix/qmgr[27006]: AEE963C60731: [email protected], size=6761, nrcpt=1 (queue active)
Apr 4 11:28:04 server2 postfix/local[27080] : AEE963C60731: [email protected], relay=local, delay=0.82, delays=0.71/0.01/0/0.1, dsn=2.0.0, status=sent (delivered to maildir)
So the actual question is: does Postfix have some kind of protection against this? For example, for some domains (mail.ru), check that these messages are sent only from the mail.ru domain (for example, f323.i.mail.ru would be a correct server in this case, and 88.249.121.213.dynamic.ttnet.com.tr would not).


2 answer(s)
Andrey, 2016-04-05
@ivnish

Thanks to Vlad for the tip, the solution turned out to be:
1) Connect an SPF check to Postfix
2) Do not use postfix-policyd-spf-perl, but use postfix-policyd-spf-python. The thing is that postfix-policyd-spf-python has a configuration file where you can just specify which domains you need to be "more careful" with.
I added this line there: Reject_Not_Pass_Domains = mail.ru,inbox.ru,list.ru,bk.ru,yahoo.com,googlemail.com,gmail.com
Now if a message supposedly comes from one of these domains and does not pass the SPF check, it is rejected.
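
What Reject_Not_Pass_Domains changes in the decision, as an added Python sketch that is not part of the original post and is not postfix-policyd-spf-python's own code. The SPF records and .example domains are constructed, only the ip4/ip6/all mechanisms are evaluated (a, mx, include and redirect need DNS), and rejecting only Fail by default is an assumption of this sketch.

```python
import ipaddress

# Constructed SPF records standing in for DNS TXT lookups (not real published data).
SPF_RECORDS = {
    "mail.example": "v=spf1 ip4:192.0.2.0/24 ~all",        # soft default, common in practice
    "strict.example": "v=spf1 ip4:198.51.100.0/24 -all",   # hard default
}
QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "Softfail", "?": "Neutral"}

def spf_result(client_ip, sender_domain):
    """Evaluate the ip4/ip6/all subset of SPF and return an RFC 7208 result name."""
    terms = SPF_RECORDS.get(sender_domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "None"                      # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # a mechanism without a qualifier means Pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        mech, _, value = term.partition(":")
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # Other mechanisms are skipped here; a real evaluator resolves them via DNS.
    return "Neutral"                       # no mechanism matched and no "all" term

def policy_action(client_ip, mail_from, reject_not_pass_domains=()):
    """Return 'REJECT' or 'DUNNO' (defer to later restrictions) for the envelope sender."""
    domain = mail_from.rpartition("@")[2].lower()
    result = spf_result(client_ip, domain)
    if result == "Fail":
        return "REJECT"                    # assumed default: only a hard Fail is rejected
    if domain in reject_not_pass_domains and result != "Pass":
        return "REJECT"                    # listed domains must Pass: Softfail/Neutral/None rejected
    return "DUNNO"

if __name__ == "__main__":
    spoofer = "88.249.121.213"             # connecting client from the log in the question
    print(policy_action(spoofer, "user@mail.example"))                     # default policy
    print(policy_action(spoofer, "user@mail.example", ("mail.example",)))  # strict list
```

With a record ending in `~all`, the forged sender only gets a Softfail, which is why the default policy lets it through and the per-domain list is needed.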

Vlad Zhivotnev, 2016-04-04
@inkvizitor68sl

Check SPF.
