Re: How to block spammers appearing as local users?

Mon, 31 Aug 2009 15:33:21 -0700 

nunatarsuaq a écrit :
> I'm getting spam messages appearing to be sent remotely from local users.
> Here's my log:
> 
> Aug 30 11:46:28 ghost postfix/smtpd[26223]: connect from
> ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]
> Aug 30 11:46:30 ghost postfix/smtpd[26223]: 42593163773:
> client=ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]
> Aug 30 11:46:31 ghost postfix/cleanup[26225]: 42593163773:
> message-id=<20090830094630.42593163...@ghost.emg-systems.com>
> Aug 30 11:46:31 ghost postfix/qmgr[21028]: 42593163773:
> from=<mylocalu...@emg-systems.com>, size=2438, nrcpt=1 (queue active)
> Aug 30 11:46:31 ghost amavis[25393]: (25393-11) ESMTP::10024
> /var/spool/amavis/tmp/amavis-20090830T075552-25393:
> <mylocalu...@emg-systems.com> -> <mylocalu...@emg-systems.com>
> SIZE=2438 Received: from ghost.emg-systems.com
> 
> [... here checking by amavis and spam-tagging...]
> 
> Aug 30 11:46:37 ghost postfix/cleanup[26225]: AC044163811:
> message-id=<20090830094630.42593163...@ghost.emg-systems.com>
> Aug 30 11:46:37 ghost postfix/qmgr[21028]: AC044163811:
> from=<mylocalu...@emg-systems.com>, size=3431, nrcpt=1 (queue active)
> Aug 30 11:46:37 ghost postfix/smtpd[26229]: disconnect from 
> localhost[127.0.0.1]
> Aug 30 11:46:37 ghost amavis[25393]: (25393-11) FWD via SMTP:
> <mylocalu...@emg-systems.com> -> <mylocalu...@emg-systems.com>, 250
> 2.6.0 Ok, id=25393-11, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok:
> queued as AC044163811
> [...]
> Aug 30 11:46:38 ghost postfix/lmtp[26232]: AC044163811:
> to=<mylocalu...@emg-systems.com>,
> relay=ghost.emg-systems.com[/var/lib/imap/socket/lmtp], delay=0.43,
> delays=0.12/0.04/0.02/0.25, dsn=2.1.5, status=sent (250 2.1.5 Ok)
> Aug 30 11:46:38 ghost postfix/qmgr[21028]: AC044163811: removed
> 
> How come my server accepts deliveries of this kind?
> 

Instead of cousing on the sender, focus on the client. that client has
no business sending mail to anyone.

try this

smtpd_recipient_restrictions =
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        reject_invalid_helo_hostname
        reject_non_fqdn_helo_hostname
        reject_rbl_client zen.spamhaus.org



> [snip]

Reply via email to