Re: avoid external emails that the from=< and the to=< are the same user
El 16/11/2018 a las 15:41, Wietse Venema escribió: Francesc Pe?alvez: Lately we are receiving spam mails that apparently the mail from the and the to is the same. How is it possible to avoid this?. I have configured postfix to avoid the relay of emails and to be able to send mail through my postfix is necessary the auth , these emails are sent externally from several ips and seeing the logs of those emails are not authenticated Postfix 3.0 and later: /etc/postfix/main.cf: smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated check_sender_access inline:{ { example.com = REJECT local sender from unauthorized client } { other.example = REJECT local sender from unauthorized client } } Instead of example.com and other.example, specify your email domains. Note: this breaks email from remote mail forwarders or from remote distribution lists that don't reset the sender address. Wietse thank you I had debian jessie and I was unable to update postfix with tls and sasl so I had to update debian to get postfix 3.x and it worked correctly your solution -- * Este mensaje y todos los archivos adjuntos son confidenciales y de uso exclusivo por parte de su/sus destinatario/s. Si usted ha recibido este mensaje por error, le agradecemos que lo notifique inmediatamente al remitente y destruya el mensaje. Queda prohibida cualquier modificación, edición, uso o divulgación no autorizados. El Emisor no se hace responsable de este mensaje si ha sido modificado, distorsionado, falsificado, infectado por un virus o editado o difundido sin autorización. *** This message and any attachments are confidential and intended for the named addressee(s) only. If you have received this message in error, please notify immediately the sender, then delete the message. Any unauthorized modification, edition, use or dissemination is prohibited. The sender shall not be liable for this message if it has been modified, altered, falsified, infected by a virus or even edited or disseminated without authorization. *** smime.p7s Description: Firma criptográfica S/MIME
Re: avoid external emails that the from=< and the to=< are the same user
Francesc Pe?alvez: > Lately we are receiving spam mails that apparently the mail from the and > the to is the same. How is it possible to avoid this?. I have configured > postfix to avoid the relay of emails and to be able to send mail through > my postfix is necessary the auth , these emails are sent externally from > several ips and seeing the logs of those emails are not authenticated Postfix 3.0 and later: /etc/postfix/main.cf: smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated check_sender_access inline:{ { example.com = REJECT local sender from unauthorized client } { other.example = REJECT local sender from unauthorized client } } Instead of example.com and other.example, specify your email domains. Note: this breaks email from remote mail forwarders or from remote distribution lists that don't reset the sender address. Wietse
Re: avoid external emails that the from=< and the to=< are the same user
On Fri, 16 Nov 2018 at 13:20, Francesc Peñalvez wrote: > > Lately we are receiving spam mails that apparently the mail from the and > the to is the same. How is it possible to avoid this?. I have configured > postfix to avoid the relay of emails and to be able to send mail through > my postfix is necessary the auth , these emails are sent externally from > several ips and seeing the logs of those emails are not authenticated SpamAssassin 3.4.2 has the FromNameSpoof Plugin which should help. You can also write your own header_checks test like this (which is broader than your use case): if /^From:/ # emails from our domains and some others are not subject to restrictions here /((mydomain1\.tld|mydomain2\.tld)>?\s*$/ DUNNO # but try to block emails that pretend to be from us # (a) e.g. From: domi...@mydomain1.tld /^(.*mydomain1\.tld"? <.*)$/ REJECT From header impersonation type 1 # (b) e.g. From: Dominic Raferd if /^From: ?(Mr?s? )?(D(ominic)?.*Raferd)/ # but allow some exceptions... e.g. apple, launchpad !/(@bugs\.launchpad\.net|noreply@email\.apple\.com)>?\s*$/ REJECT From header impersonation type 2 endif