On Dec 20, 2018 1:37 AM, Mik J <mikyde...@yahoo.fr> wrote:
>
> Hello Edgar,
>
> I don't relay without authentication except for local networks
>
> Here's my configuration for incomming mails
> ##################
> # INCOMING MAILS #
> ##################
> listen on 127.0.0.1 port 10024 tag CLAM_IN # From Clamav
> listen on 127.0.0.1 port 10028 tag DKIM_IN # From dkimproxy
> # Reject some domains considered as spam
> reject sender <spamdomaines> for any
>
> accept tagged CLAM_IN for domain <domaines> virtual <utilisateurs> deliver to maildir "/home/mail/%{dest.domain:lowercase}/%{dest.user:lowercase}/Maildir"
> accept tagged CLAM_IN for local alias <aliases> deliver to maildir "/home/mail/%{rcpt.domain:lowercase}/%{dest.user:lowercase}/Maildir"
> accept tagged DKIM_IN for any relay via smtp://127.0.0.1:10023
>
> # No authentication for local networks
> accept from source <clients> for domain <domaines> relay via smtp://127.0.0.1:10027
>
> # Accept and relay only if the domain is explicitly specified (file courriels = @mydomain.org)
> accept from any sender !<courriels> for domain <domaines> relay via smtp://127.0.0.1:10027
>
>
> The mail header looks like that
> Return-Path: aaron552sm...@yahoo.jp
> ...
> From: i...@mydomain.org
Looks like they are just spoofing the From header.
> X-Accept-Language: en-us
> MIME-Version: 1.0
> To: <i...@mydomain.org>
>
> The logs like that
>
> Dec 12 23:34:26 ovhegravmx63 smtpd[76185]: e216cee5c463851f mta event=closed reason=quit messages=0
> Dec 12 23:35:52 ovhegravmx63 smtpd[76185]: e216cee6e1356908 smtp event=connected address=185.48.39.65 host=185.48.39.65
> Dec 12 23:35:55 ovhegravmx63 smtpd[76185]: e216cee6e1356908 smtp event=message address=185.48.39.65 host=185.48.39.65 msgid=e00cc59e from=<aaron552sm...@yahoo.jp> to=<i...@mydomain.org> size=4393 ndest=1 proto=SMTP
> Dec 12 23:35:55 ovhegravmx63 smtpd[76185]: e216cee9561b88cc mta event=connecting address=smtp://127.0.0.1:10027 host=localhost
> Dec 12 23:35:55 ovhegravmx63 smtpd[76185]: e216cee9561b88cc mta event=connected
> Dec 12 23:35:55 ovhegravmx63 smtpd[76185]: e216ceea49112188 smtp event=connected address=127.0.0.1 host=localhost
> Dec 12 23:35:55 ovhegravmx63 dkimproxy.in[9548]: DKIM verify - none; message-id=<ba78bd35.2d1db...@yahoo.jp>, from=<i...@mydomain.org>
> Dec 12 23:35:55 ovhegravmx63 smtpd[76185]: e216ceea49112188 smtp event=message address=127.0.0.1 host=localhost msgid=47085653 from=<aaron552sm...@yahoo.jp> to=<i...@mydomain.org> size=4687 ndest=1 proto=ESMTP
>
>
> Le jeudi 20 décembre 2018 à 04:04:10 UTC+1, Edgar Pettijohn <ed...@pettijohn-web.com> a écrit :
>
>
> On Wed, Dec 19, 2018 at 11:37:31PM +0000, Mik J wrote:
>
> > Hello,
> >
> > I have wrote rules for my opensmtpd but some spams are passing through.
> >
> > The ones that I go through have a source like em...@mydomain.org and are sent to i...@mydomain.org
> > I'm wondering if some of you have written this kind of rule ?
> >
> > reject from source !<myallowedclients> sender <mydomains> for domain <mydomains>
> >
> > Regards
>
>
> Please provide your /etc/mail/smtpd.conf
>
> And perhaps some logs where the spammers are getting through.
>
> You shouldn't allow your server to be used as a relay without authentication.
>
> Edgar
>
> --
> You received this mail because you are subscribed to misc@opensmtpd.org
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
>
>
