Re: Never deliver outbound mail for a specified domain
Andrea Gozzi:
On Tue, 2008-09-09 at 13:25 -0400, Wietse Venema wrote:
Andrea Gozzi:
On Tue, 2008-09-09 at 13:03 -0400, Wietse Venema wrote:
It works, thanks. I have one further question: how do I restrict access to postfix for any user with @myfreemail.com account only from localhost (where the webmail is running)?

The answer depends on how your webmail injects mail into Postfix.

Wietse

Via smtpd.

...
/etc/postfix/sender_access:
    myfreemail.com REJECT restricted to localhost only
...

The REDIRECT check can easily be bypassed by changing the MAIL FROM: , so I configured the webmail to allow mail originating from the real address only. Unfortunately, someone might still try to connect directly to postfix and fake the envelope.. Is there any way to enforce the localhost origin restriction after the users have authenticated?

You replied above that the web application injects mail into Postfix via SMTP. This means that the web application gives the MAIL FROM address to Postfix. Therefore the web application can reject addresses that have the wrong sender domain.

Wietse
Re: Never deliver outbound mail for a specified domain
On Sat, 2008-09-06 at 08:27 -0400, Wietse Venema wrote:
Andrea Gozzi:
Hi all. Some time ago I set up a spammers' trap in the way of a fake webmail service where they can register for a free account. Up until now I was just saving their details (name,current email,ip,..) in a database and never sending them the account login information. Since many of the scammers that register are emailing me back with a request for such data, I thought of giving it to them, but not allowing their mail to be sent. Even better, all their mail should go to a local account so that I could check for 419 messages and spread the word around.

To be clearer: I want to set up a domain, myfreemail.com, where the spammers will have their accounts. They will be able to log-in with a webmail client and receive correctly any email addressed to them (unless caught by SA, but that's another story). What they will not be able to do, is to send mail. Any email originating from the webmail for myfreemail.com will have to be diverted to [EMAIL PROTECTED] without telling the sender. To him everything will look like it went well and the delivery was successful.

My question is: can I accomplish something like that with postfix (and my current virtual domain setup)?

Depending on how your webmail injects mail into Postfix, and how it can be distinguished from other mail:

man 5 access (see REDIRECT action)
man 5 header_checks (see REDIRECT action)

Wietse

It works, thanks. I have one further question: how do I restrict access to postfix for any user with @myfreemail.com account only from localhost (where the webmail is running)?

Andrea
Re: Never deliver outbound mail for a specified domain
Andrea Gozzi:
To be clearer: I want to set up a domain, myfreemail.com, where the spammers will have their accounts. They will be able to log-in with a webmail client and receive correctly any email addressed to them (unless caught by SA, but that's another story). What they will not be able to do, is to send mail. Any email originating from the webmail for myfreemail.com will have to be diverted to [EMAIL PROTECTED] without telling the sender. To him everything will look like it went well and the delivery was successful.

My question is: can I accomplish something like that with postfix (and my current virtual domain setup)?

Depending on how your webmail injects mail into Postfix, and how it can be distinguished from other mail:

man 5 access (see REDIRECT action)
man 5 header_checks (see REDIRECT action)

Wietse

It works, thanks. I have one further question: how do I restrict access to postfix for any user with @myfreemail.com account only from localhost (where the webmail is running)?

The answer depends on how your webmail injects mail into Postfix.

Wietse
Re: Never deliver outbound mail for a specified domain
On Tue, 2008-09-09 at 13:03 -0400, Wietse Venema wrote:
It works, thanks. I have one further question: how do I restrict access to postfix for any user with @myfreemail.com account only from localhost (where the webmail is running)?

The answer depends on how your webmail injects mail into Postfix.

Wietse

Via smtpd.

Andrea

ps: just as a curiosity, would it even be possible to restrict based on IP if injected via sendmail?
Re: Never deliver outbound mail for a specified domain
Andrea Gozzi:
On Tue, 2008-09-09 at 13:03 -0400, Wietse Venema wrote:
It works, thanks. I have one further question: how do I restrict access to postfix for any user with @myfreemail.com account only from localhost (where the webmail is running)?

The answer depends on how your webmail injects mail into Postfix.

Wietse

Via smtpd.

/etc/postfix/main.cf:
    smtpd_sender_restrictions =
        check_client_access hash:/etc/postfix/client_access
        check_sender_access hash:/etc/postfix/sender_access

/etc/postfix/client_access:
    127.0.0.1 OK

/etc/postfix/sender_access:
    myfreemail.com REJECT restricted to localhost only

But your requested policy makes no sense.

Wietse
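
Added example (not part of the original thread and not Postfix code): a simplified Python model of how the two-entry smtpd_sender_restrictions list from the message above is evaluated, run over three constructed SMTP sessions. The lookup order follows access(5) in simplified form; the function names, client addresses and sender addresses are assumptions made for illustration.

```python
# Simplified model of smtpd_sender_restrictions for the two maps quoted above.
# Map contents come from the message; SESSIONS is constructed sample input.
CLIENT_ACCESS = {"127.0.0.1": "OK"}
SENDER_ACCESS = {"myfreemail.com": "REJECT restricted to localhost only"}


def client_keys(ip):
    """access(5) order: full IPv4 address, then with trailing octets dropped."""
    octets = ip.split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]


def sender_keys(mail_from):
    """access(5) order: user@domain, domain, then parent domains."""
    addr = mail_from.lower()
    labels = addr.rpartition("@")[2].split(".")
    return [addr] + [".".join(labels[i:]) for i in range(len(labels))]


def lookup(table, keys):
    """Return the action for the first matching key, or None (no match)."""
    return next((table[k] for k in keys if k in table), None)


def sender_restrictions(client_ip, mail_from):
    """Walk check_client_access, then check_sender_access; first verdict wins."""
    steps = (
        (CLIENT_ACCESS, client_keys(client_ip)),  # check_client_access
        (SENDER_ACCESS, sender_keys(mail_from)),  # check_sender_access
    )
    for table, keys in steps:
        action = lookup(table, keys)
        if action is None:
            continue  # no match: try the next restriction
        verb = action.split()[0].upper()
        if verb == "OK":
            return "permit"  # OK ends this restriction list
        if verb == "REJECT":
            return "reject"
    return "dunno"  # nothing matched; other restriction lists still apply


SESSIONS = [  # constructed: (client IP, envelope sender)
    ("127.0.0.1", "user@myfreemail.com"),    # webmail on localhost
    ("192.0.2.10", "user@myfreemail.com"),   # direct remote connection
    ("192.0.2.10", "user@example.org"),      # remote, different MAIL FROM
]

if __name__ == "__main__":
    for ip, sender in SESSIONS:
        print(f"{ip:<12} {sender:<22} {sender_restrictions(ip, sender)}")
```

The third session comes back as `dunno` because the REJECT keys on the envelope sender that the client supplies, which is the limitation raised elsewhere in the thread and the reason the sender-domain check also belongs in the webmail application.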
Re: Never deliver outbound mail for a specified domain
On Tue, 2008-09-09 at 22:06 +0200, mouss wrote:
Andrea Gozzi wrote:
On Tue, 2008-09-09 at 13:03 -0400, Wietse Venema wrote:
It works, thanks. I have one further question: how do I restrict access to postfix for any user with @myfreemail.com account only from localhost (where the webmail is running)?

The answer depends on how your webmail injects mail into Postfix.

Wietse

Via smtpd.

Andrea

ps: just as a curiosity, would it even be possible to restrict based on IP if injected via sendmail?

sendmail doesn't use IP. do you mean something else?

Yeah that's what I was thinking. So a restriction based on the originating network address only makes sense if injection is smtpd.

Andrea
Never deliver outbound mail for a specified domain
Hi all. Some time ago I set up a spammers' trap in the way of a fake webmail service where they can register for a free account. Up until now I was just saving their details (name,current email,ip,..) in a database and never sending them the account login information. Since many of the scammers that register are emailing me back with a request for such data, I thought of giving it to them, but not allowing their mail to be sent. Even better, all their mail should go to a local account so that I could check for 419 messages and spread the word around.

To be clearer: I want to set up a domain, myfreemail.com, where the spammers will have their accounts. They will be able to log-in with a webmail client and receive correctly any email addressed to them (unless caught by SA, but that's another story). What they will not be able to do, is to send mail. Any email originating from the webmail for myfreemail.com will have to be diverted to [EMAIL PROTECTED] without telling the sender. To him everything will look like it went well and the delivery was successful.

My question is: can I accomplish something like that with postfix (and my current virtual domain setup)?

Andrea
Re: Never deliver outbound mail for a specified domain
How do you know it's not someone who honestly wants a webmail account..?

-N.

On Sep 6, 2008, at 5:35 AM, Andrea Gozzi wrote:
Hi all. Some time ago I set up a spammers' trap in the way of a fake webmail service where they can register for a free account. Up until now I was just saving their details (name,current email,ip,..) in a database and never sending them the account login information. Since many of the scammers that register are emailing me back with a request for such data, I thought of giving it to them, but not allowing their mail to be sent. Even better, all their mail should go to a local account so that I could check for 419 messages and spread the word around.

To be clearer: I want to set up a domain, myfreemail.com, where the spammers will have their accounts. They will be able to log-in with a webmail client and receive correctly any email addressed to them (unless caught by SA, but that's another story). What they will not be able to do, is to send mail. Any email originating from the webmail for myfreemail.com will have to be diverted to [EMAIL PROTECTED] without telling the sender. To him everything will look like it went well and the delivery was successful.

My question is: can I accomplish something like that with postfix (and my current virtual domain setup)?

Andrea