On Friday 21 May 2004 09:12, Gareth might have typed:
> Hi Guys
>
> I keep getting SPAM that slips through SpamAssassin, and the from domain is
> the FQDN ([EMAIL PROTECTED]) of my mail server.
>
> Is this a 'Joe Job'..? How can I stop this... ? Should this be done at MTA
> (I'm using Postfix) level?
If the far end is saying HELO your.domain, tell postfix to reject that by
setting up a helo check, viz:
postfix $ cat helo_access.pcre
/80.229.5.88$/ 554 Pull the other leg
/\.cricalix\.net$/ 554 Pull the other leg
/^cricalix\.net$/ 554 Pull the other leg
/\.cricalix\.org$/ 554 Pull the other leg
/^cricalix\.org$/ 554 Pull the other leg
main.cf:
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
check_helo_access pcre:
$config_directory/helo_access.pcre,
check_helo_access pcre:
$config_directory/client_access.pcre,
reject_invalid_hostname
avoiding line wrap of course. The permit statements let my internal network
claim to be in my network, and my laptop, when it's on the road, also claim
(I uses sasl auth remotely).
And a joe job is more typically associated with a spammer using an address at
your domain as the sender address on a spam run, ensuring you get the
complaints.
