Re: [gentoo-user] [uOT] Thunderbird, Mozilla and HELO

2006-11-03 Thread Jonathan Wright

Rasmus Andersen wrote:

I have a slightly offtopic question that I hope I can get help with
here. I have a home server, running an MTA for my domain. As of the last
month or so, I have experienced a huge increase in spam and spam
bounces. To combat this, I have upped my MTA's pickiness quite a bit but
would like to up it more. Specifically, I would like to reject mail
where sender says HELO jaquet.dk and/or where the Received line looks
like [EMAIL PROTECTED] (my MTA's Received stamps are of the form
[EMAIL PROTECTED]). Spammers like to use these to 'fake' their way
through.


I'm not sure about blocking a specific HELO request, but I added the
following configuration to my main.cf, and combined with postgrey, my
spam dropped from 150 per day to around 50 per month:


# Set the server to reject any unauthorised e-mails and set what can
# and can't be sent or received by the server
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    reject_non_fqdn_hostname
    reject_invalid_hostname
    reject_rbl_client xbl-xbl.spamhaus.org
    reject_rbl_client bl.spamcop.net
    reject_rbl_client relays.ordb.org
    permit
smtpd_recipient_restrictions =
    permit_sasl_authenticated
    reject_non_fqdn_recipient
    reject_unauth_destination
    permit
smtpd_sender_restrictions =
    permit_sasl_authenticated
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unauth_destination
    # can't move from here as needs to know sender
    check_policy_service unix:private/postgrey
    permit
smtpd_data_restrictions =
    reject_multi_recipient_bounce
    permit

I've also added the following lines to prevent clients from trying
address after address in the same connection:


# Limit the number of addresses the remote server can
# send mail to, also adjusting the error calculation level
smtpd_recipient_limit = 3
smtpd_recipient_overshoot_limit = 1


That helped my server and account greatly with no (apparent) risk to 
genuine mail either.


--
 Jonathan Wright [EMAIL PROTECTED]
   http://djnauk.co.uk

 cat /dev/random (you never know, you may see something you like!)

 2.6.17-gentoo-r3-djnauk-b1 AMD Athlon(tm) XP 2100+
 up 57 days, 17:24, 1 user, load average: 0.78, 0.63, 0.30
--
gentoo-user@gentoo.org mailing list
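
An added example, not part of either post in this thread: the "reject HELO jaquet.dk" rule from the question, written as the request handling of a Postfix policy delegation service, the same check_policy_service interface that postgrey is attached to in the configuration above. The local networks, the sample requests and the reject text are assumptions made for the example.

```python
import ipaddress

# Assumptions for this example, not taken from the posts:
OWN_DOMAIN = "jaquet.dk"  # the domain named in the thread
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def claims_own_domain(helo):
    helo = helo.strip().rstrip(".").lower()
    return helo == OWN_DOMAIN or helo.endswith("." + OWN_DOMAIN)

def decide(attrs):
    """Return the access action for the client of this SMTP session."""
    if attrs.get("sasl_username"):
        return "DUNNO"  # authenticated user: let later restrictions decide
    try:
        client = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        client = None  # e.g. "unknown"
    if client is not None and any(client in net for net in OWN_NETWORKS):
        return "DUNNO"  # our own hosts may legitimately use the name
    if claims_own_domain(attrs.get("helo_name", "")):
        return "REJECT HELO name %s is not yours" % OWN_DOMAIN
    return "DUNNO"

def respond(request_text):
    """Build the reply Postfix expects: action line plus empty line."""
    return "action=%s\n\n" % decide(parse_request(request_text))

# Constructed sample requests (documentation address 203.0.113.7).
FORGED = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "helo_name=jaquet.dk\nclient_address=203.0.113.7\nsasl_username=\n\n")
RELAYED = FORGED.replace("helo_name=jaquet.dk", "helo_name=mail.example.net")
LOCAL = FORGED.replace("203.0.113.7", "192.168.1.20")

if __name__ == "__main__":
    for name, req in (("forged", FORGED), ("relayed", RELAYED), ("local", LOCAL)):
        print(name, "->", respond(req).strip())
```

The helo_name attribute is the name given by the client that connects directly to this server, so a message handed over by another MTA is judged by that MTA's HELO and not by names recorded in earlier Received lines.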



[gentoo-user] [uOT] Thunderbird, Mozilla and HELO

2006-11-02 Thread Rasmus Andersen
Hi list,

I have a slightly offtopic question that I hope I can get help with
here. I have a home server, running an MTA for my domain. As of the last
month or so, I have experienced a huge increase in spam and spam
bounces. To combat this, I have upped my MTA's pickiness quite a bit but
would like to up it more. Specifically, I would like to reject mail
where sender says HELO jaquet.dk and/or where the Received line looks
like [EMAIL PROTECTED] (my MTA's Received stamps are of the form
[EMAIL PROTECTED]). Spammers like to use these to 'fake' their way
through.

This brings me to the point, because it seems like mozilla and
thunderbird (my GF uses one, I use the other) grab the domain
information they use in their SMTP exchanges from the sender email address.
So, when my GF sends from work via their MTAs to my home server as
[EMAIL PROTECTED], that mail will run afoul of this rule since the first
Received will look like

Received: from jaquet.dk ()
        by mail.XXX.dk (Postfix) with ESMTP id 75FE532CD4C
etc

even though her laptop at the point of sending isn't connected to my
network.

So, the question. Does anyone know how to fix this? I found a bugzilla
entry for this, https://bugzilla.mozilla.org/show_bug.cgi?id=68877,
with a final comment that this has been committed to tbird 0.6 and
mozilla 1.7 in 2005. I am running tbird 1.5.0.7 and still see this.
Any clues?

Thanks,
  Rasmus
