On Sat, 2006-02-18 at 08:05 +0000, [EMAIL PROTECTED] wrote:
>
> Hi Youzef,
>

Hello Wolfgang

> I am suggesting something that has been discussed controversially in the past:
> don't let the mail even reach SA....
> I would assume that mail reaching my mailserver and saying it is from my domain
> would be mail submitted by one of my users, so I have changed the MTA to require
> authentication. At the time I did that, the only valid mail with forged sender was some
> kind of ebay notification, but they seem to have changed that.
>

I have my postfix check SPF records, as far as I remember, check my postconf -n at the bottom of the message

> Your headers don't show anything about SA testing;
> there was a discussion about SA not scanning messages occasionally

That's why I'm worried about it not showing anything related to SA in the headers!!

> Also I would expect that emailmarketingmasters.com should show up in various
> RBLs - check whether you have network tests enabled
>

here is my postconf -n which shows I have several network tests enabled (RBLs if I'm not mistaken)

postconf -n
biff = no
bounce_queue_lifetime = 1d
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
default_destination_concurrency_limit = 30
delay_warning_time = 1h
disable_vrfy_command = yes
empty_address_recipient = MAILER-DAEMON
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = .maildir/
inet_interfaces = all
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 20480000
mydestination =
mydomain = savoladns.com
myhostname = kansai.savoladns.com
mynetworks = 127.0.0.0/8, 222.22.1.191/32, 222.22.1.157/32, 172.31.12.10/32, 222.22.1.105/32
myorigin = savola.com
newaliases_path = /usr/bin/newaliases
notify_classes = resource, software, protocol
proxy_interfaces = 212.12.174.6
queue_directory = /var/spool/postfix
queue_minfree = 120000000
readme_directory = /usr/share/doc/postfix-2.2.5/readme
relay_domains = $transport_maps
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_helo_required = yes
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    permit_mynetworks
    reject_unauth_destination
    check_recipient_access hash:/etc/postfix/roleaccount_exception
    reject_multi_recipient_bounce
    check_helo_access pcre:/etc/postfix/helo_checks
    reject_non_fqdn_hostname
    reject_invalid_hostname
    check_policy_service unix:private/policy-spf
    check_sender_access hash:/etc/postfix/sender_access
    reject_rbl_client relays.ordb.org
    reject_rbl_client cbl.abuseat.org
    reject_rbl_client sbl-xbl.spamhaus.org
    check_sender_access hash:/etc/postfix/rhsbl_sender_exceptions
    reject_rhsbl_sender dsn.rfc-ignorant.org
    permit
smtpd_restriction_classes = greylist
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual proxy:ldap:/etc/postfix/ldap-aliases.cf

> Wolfgang Hamann
>
> >>
> >>
> >> Today I got a spam message which seems, at least for a newbie like me,
> >> succeeded in passing SA for some reason!
> >>
> >> I'm calling SA through amavisd-new and have my Rules Du Jour updated
> >> (manual updates so far)
> >>
> >> I would like to block such messages therefore, I'm seeking your kind
> >> assistance in determining how it passed the "tests" and what am I
> >> supposed to do in order to prevent these messages?
> >>
> >> Here are the headers of the message
> >>
> >> Return-Path: <[EMAIL PROTECTED]>
> >> Received: from 10.10.10.50 by mailsrv with ESMTP id 44344701140190415;
> >> Fri, 17 Feb 2006 18:33:35 +0300
> >> Received: from kansai.savoladns.com ([10.10.10.10]) by imssr with
> >> trend_isnt_name_B; Fri, 17 Feb 2006 18:43:31 +0300
> >> Received: from kansai.savoladns.com ([127.0.0.1]) by localhost
> >> (kansai.savoladns.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
> >> id 19503-12 for <[EMAIL PROTECTED]>; Fri, 17 Feb 2006 18:43:23 +0300
> >> (AST)
> >> Received: from emailmarketingmasters.com (i538754C0.versanet.de
> >> [83.135.84.192]) by kansai.savoladns.com (Postfix) with SMTP id
> >> 7B42810073 for <[EMAIL PROTECTED]>; Fri, 17 Feb 2006 18:43:21 +0300 (AST)
> >> Received: from 208.153.96.3 (SquirrelMail authenticated user
> >> [EMAIL PROTECTED]); by emailmarketingmasters.com with HTTP id
> >> J85Gz008484008; Fri, 17 Feb 2006 15:42:56 +0000
> >> Message-Id: <[EMAIL PROTECTED]>
> >> Date: Fri, 17 Feb 2006 15:42:56 +0000 (18:42 AST)
> >> Subject: In the Heart of Your Business!
> >> From: Alishia Hurst <[EMAIL PROTECTED]>
> >> To: [EMAIL PROTECTED]
> >> User-Agent: SquirrelMail/1.4.3a
> >> X-Mailer: SquirrelMail/1.4.3a
> >> MIME-Version: 1.0
> >> Content-Type: text/html
> >> X-Priority: 3
> >> X-Virus-Scanned: amavisd-new at savola.com
> >>
> >> Notice that the sender used my address as their E-mail address (forged
> >> mail)
> >>
> >> Running:
> >> SA SpamAssassin Client version 3.1.0
> >> amavisd-new-2.3.3 (20050822)
> >> Postfix 2.2.5
> >>
> >> Sincerely,
> >> Yousef Raffah
> >> Senior Systems Administrator
> >> SSIS - The Savola Group
> >>
> >> --
>

Sincerely,
Yousef Raffah
Senior Systems Administrator
SSIS - The Savola Group
--
Aren't you using Firefox? Get it at getfirefox.com
yousef.raffah.com
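Added example, not part of the original messages: a Python triage of the quoted headers that answers the two questions raised in the thread, namely whether SpamAssassin left any X-Spam-* marker and whether a client outside mynetworks sent mail with a From address in the local domain. The mailbox user@savola.com is a constructed placeholder for the redacted addresses, and treating savola.com (myorigin) as the only local domain is an assumption.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# mynetworks and the local domain (myorigin) as listed in the postconf -n output.
MYNETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "222.22.1.191/32", "222.22.1.157/32",
    "172.31.12.10/32", "222.22.1.105/32")]
LOCAL_DOMAINS = {"savola.com"}  # assumption: the only domain treated as local

# Constructed sample: headers from the thread, with the redacted addresses
# replaced by the hypothetical placeholder mailbox user@savola.com.
SAMPLE = """\
Received: from kansai.savoladns.com ([127.0.0.1]) by localhost
 (kansai.savoladns.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 19503-12 for <user@savola.com>; Fri, 17 Feb 2006 18:43:23 +0300
 (AST)
Received: from emailmarketingmasters.com (i538754C0.versanet.de
 [83.135.84.192]) by kansai.savoladns.com (Postfix) with SMTP id
 7B42810073 for <user@savola.com>; Fri, 17 Feb 2006 18:43:21 +0300
 (AST)
From: Alishia Hurst <user@savola.com>
X-Virus-Scanned: amavisd-new at savola.com
"""

def triage(raw, mta="kansai.savoladns.com"):
    """Report the connecting client, a forged local sender, and scan markers."""
    msg = message_from_string(raw)
    client = None
    for hop in msg.get_all("Received", []):
        # The hop written by the border Postfix records the connecting client IP.
        m = re.search(r"\[([0-9.]+)\]\) by " + re.escape(mta) + r" \(Postfix\)",
                      " ".join(hop.split()))
        if m:
            client = ipaddress.ip_address(m.group(1))
            break
    external = client is not None and not any(client in n for n in MYNETWORKS)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return {
        "client_ip": str(client) if client else None,
        "forged_local_sender": external and domain in LOCAL_DOMAINS,
        "virus_scanned": "X-Virus-Scanned" in msg,
        "spam_headers": [k for k in msg.keys() if k.lower().startswith("x-spam-")],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the result shows an external client using a local-domain From address, an amavisd-new virus-scan marker, and no X-Spam-* header, which is the combination the thread is trying to explain.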