Question

Set Postfix to block fake emails

Asked by: wilq32

I just want to set postfix to block fake emails that can just type:

MAIL FROM: someonefake@google.com
RCPT TO: user@inmydomain.com

Of course the IP of the sender is not even related to Google's IPs or their MX.

I blocked almost all unwanted functionality in Postfix, but I can't find proper information in the documentation. I tried various settings, but all of them fail to prevent sending mail to my server that way. I assume that this is a simple task, and you - experts - will deal with this in 2 minutes... So can you help me?

Asked on: 2008-10-22 at 03:04:08 (ID 23836296)

Topics: Unix Networking, Email Servers, Postfix


Answers

 

by: ifreq, posted on 2008-10-22 at 07:46:26, ID: 22777165

There is no good proven way to validate the sender of the email you receive; you would get a lot better results by using a real-time blacklist like Spamhaus. I've been using it for over a year now with 0% false positive matches. And it drops about 80-95% of unwanted emails at the SMTP gateway level. Most emails are originating from zombie bot networks these days.

Installation instructions are here:

http://wiki.kartbuilding.net/index.php/Postfix_SMTP#Blocking_Spam_with_spamhaus_and_Postfix

 

by: urgoll, posted on 2008-10-22 at 08:33:44, ID: 22777764

I second ifreq in adding the configuration to use Spamhaus.

You could also set up your Postfix to check SPF records before accepting incoming emails. While not 100% perfect, most big free email providers use SPF to announce servers which are expected to send email from their domain, and thus it cuts back on email spoofing. Instructions at:
http://www.howtoforge.com/postfix_spf

Hope this helps,
Christophe

 

by: ifreq, posted on 2008-10-22 at 08:39:38, ID: 22777852

I second urgoll for SPF :-) Though SPF is not so famous at the moment and it hasn't been well developed in years. But that's one more thing you could add to your Postfix installation too to make it more effective.

 

by: rid, posted on 2008-10-22 at 09:57:52, ID: 22778755

Have you set Postfix to reject rDNS failures and unknown hosts? That should take care of the scenario you outlined, I think.
/RID

 

by: urgoll, posted on 2008-10-22 at 10:34:59, ID: 22779131

rid: the original question discusses someone spoofing gmail.com addresses - hostnames are good and the mail sender's domain is valid, it's just that the address used doesn't exist.

It is true that rejecting reverse DNS failures and invalid domains is a good idea and cuts down the overall volume of spam. For the record, this is done by adding:

    reject_unknown_sender_domain,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,

to the smtpd_*_restrictions statements in the main.cf file.

Regards,
Christophe

 

by: rid, posted on 2008-10-22 at 10:51:56, ID: 22779322

Right you are! Sort of shortcut that part of the problem before I wrote....
/RID

 

by: wilq32, posted on 2008-10-23 at 01:02:30, ID: 22783922

Actually I think that I set Postfix very restrictive:

smtpd_sender_restrictions = permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_non_fqdn_sender,
    reject_unknown_address

smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    check_policy_service unix:private/policy-spf,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_invalid_hostname,
    reject_unverified_recipient,
    reject_unknown_client

But I tried to find anything about my problem and ... can't find anything. As I said, I can log in to my server using my ISP IP by telnetting to port 25 and then sending mail, not even from a fake address but by spoofing someone (the problem is for example security@paypal.com). I would like to restrict it so that if someone wants to send mail to a recipient on my server (because I have relaying turned off and SASL auth set, so the only problem is sending to my recipients) then his IP must have revDNS in the domain from which the mail was sent (so revDNS of the IP should be paypal.com). Is that even possible?? Furthermore, is it possible to set EHLO to the user's IP revDNS rather than what he typed??

Actually only I received spoofed PayPal mail, but my users are more like "normal" people and could be confused by that type of spam :( I appreciate any help from your side here guys :)

 

by: urgoll, posted on 2008-10-23 at 10:37:57, ID: 22788672

What you are describing would completely break email. For example, if I send an email from my gmail.com account, I see that the sending server is "ey-out-2122.google.com". See, there's no mention of gmail.com in the server name. This is why SPF was invented, to allow domain owners to announce which servers are authoritative for their domain.

You have put your finger on the great flaw of email as it is currently implemented, i.e. it is based on trust and good faith. All we can do now is use mitigating techniques, such as SPF, DKIM, doing rDNS checks and using anti-spam tools such as SpamAssassin to separate the wheat from the chaff.

 

by: wilq32, posted on 2008-10-29 at 04:24:18, ID: 31508674

My problem is still not solved, but at least I know that this is impossible to do the way I thought it could be ;) Points here for you ppl for at least shedding some light there
