Re: [TriLUG] postfix security

Jeff Groves Sat, 11 Dec 2004 09:26:28 -0800

Skippy:

Thanks for you explanation of milter-ahead! I had never quite gotten my head around that particular milter until I read your email.

Jeff G.

[EMAIL PROTECTED] wrote:

Even without seeing the headers, its a pretty common thing for spammers to
send their spam through secondary mail servers.  From the volume of this
that I've seen I assume that a fairly large percentage of the spam
software does this automatically.

The problem for the mail admin is of course that in a standard setup, the
secondary has no idea what accounts are on the primary and so blindly
accepts everything for the domain.

In sendmail its possible to set up a mail filter that accepts the spam
connection and holds it open while it queries the primary to see if its a
valid address.  If it isn't the secondary refuses the spam right then and
never queues it.  The package I've used for that is milter-ahead from
www.milter.org.  I don't know if a similar setup is possible with postfix.


Skippy

Any chance you could post the headers of this email so that we could get
a better idea of  what happened?

Jeff G.

Michael Hrivnak wrote:

I have a question that relates directly to a spamming experience I
just had.

I understand what an MX record is.  I have setup multiple machines
that will  relay for my domain in the event my primary mail server is
down.  I did so by  adding to those machines this in
/etc/postfix/main.cf

relay_domains = $mydestination mydomaincom

All machines involved run Mandrake 10.0 or 10.1.  That tends to work,
but I  found a problem.  In theory, anyone on the internet can use
these backup  servers to send email to my domain.  Someone could spam
my domain all day and  all night through those servers.  In fact,
tonight I received a spam email  that came through one of those
servers and even claimed to be from two  accounts (which don't
actually exist) on that backup server (why would an  email be from 2
accounts anyway?). What can I do to prevent this?

Thanks a lot,

Michael


--
TriLUG mailing list        :
http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ
: http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc

--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc

Re: [TriLUG] postfix security

Reply via email to