Solved

Postfix Block Recipient

Posted on 2006-11-14
Last Modified: 2013-12-16
I have been trolling around the net and have yet to find out if there exists the means within postfix itself to block an email if the recipient in the initial handshake doesn't match the recipient within the body.  I am also running SpamAssassin; is there a way within SA to get this functionality?  Thanks.
Question by:Dm32z
16 Comments
 
LVL 14

Expert Comment

by:ygoutham
ID: 17944688
there is an option in the main.cf for rejecting mails for unknown users using local_recipient_maps.  tried that out???
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 17944691
unknown_local_recipient_reject_code = 450

it says so in the main.cf file.  i have not tried it but worth a shot ...
0
 
LVL 1

Author Comment

by:Dm32z
ID: 17944706
The postfix sits out in the DMZ.  All it does is relay to inside mail servers.  It knows the domains it answers to but not any recipients.
0

 
LVL 14

Expert Comment

by:ygoutham
ID: 17944709
also read through the LOCAL_RECIPIENT_README file.  you can do a "locate ..." to find the file in your system.  postfix 2.0 and above allows this feature it seems.
0
 
LVL 1

Author Comment

by:Dm32z
ID: 17944712
I am just lately seeing a lot of SPAM where the sender address in the body is different than the sender in the handshake.  Thanks for any guidance.
0
 
LVL 1

Author Comment

by:Dm32z
ID: 17944725
the private side mail servers are MS.  
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 17944820
but most of the spam that lands within happens from users where the mails are targeted to "mail, root, postmaster, support, etc" which are valid users on the alias table.  are you getting weirdo names as well????
0
 
LVL 1

Author Comment

by:Dm32z
ID: 17944879
We are getting hit recently where the recip names on the initial connection to the server are valid emails, but the recip names within the body of the email are something else.

0
 
LVL 14

Assisted Solution

by:ygoutham
ygoutham earned 200 total points
ID: 17944925
amavisd-new???  i have it and works perfectly fine for me.  any anti-spam running???
0
 
LVL 1

Author Comment

by:Dm32z
ID: 17944946
SpamAssassin
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 17944957
you can download from

http://www.ijs.si/software/amavisd/

with a little bit of tweaking, you can even choose to reject mails beyond a particular spam score.  but the initial couple of weeks i would suggest not doing so, as the auto-learn gets more effective with better traffic.  quite simple and easy to configure
0
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 50 total points
ID: 17947318
I'm pretty sure what you want is impossible (during smtp process anyway).  The reason is that during the smtp process when the sending MTA tells the receiving MTA the from and rcpt addresses, the receiving MTA is completely ignorant of the contents of the email as of yet.  Only after it accepts the connection can the process you are asking for take place.

I'm still unconvinced that Postfix or any MTA can do this on its own.  The reason is this requires the program to keep the smtp parameters stored, and compare those parameters against what can be found in the body.  Now I know Postfix can do header checks, body checks, etc.  However I'm not aware of any ability to compare what is found there to what is received during the smtp process.  There are many other reasons why there are not good checks here either.

1) What if the RCPT TO is correct, the email is legit, but the recipient is a BCC.  No record of it in the headers.
2) Email might have been forwarded from another address.  Gmail to business email for example.  It will keep the gmail address there, but the RCPT TO will have a correct address.

I'd look into it if I had more time, but honestly I don't believe this is possible.  Even if it was it'd be very, very difficult to prove the program is 100% correct.  I say utilize other anti-spam abilities of Postfix, use Amavis like ygoutham mentioned.  Make sure to specify banned files and have multiple AV programs running on your server.

Also, check out http://www.postfix.org/uce.html, as there are good hints there for anti-spam tricks in postfix.
0
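
The BCC and forwarding cases from the answer above, worked through as an added example that is not part of the original thread: a naive "every RCPT TO must appear in To/Cc" rule is run over four constructed messages to show which legitimate mail it would reject. All addresses, sample messages and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def header_recipients(raw_message):
    """Return the lower-cased addresses found in the To and Cc headers."""
    msg = message_from_string(raw_message)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _name, addr in getaddresses(fields) if addr}


def envelope_matches_headers(rcpt_to, raw_message):
    """Naive rule: every envelope recipient must be visible in To or Cc."""
    visible = header_recipients(raw_message)
    return all(r.lower() in visible for r in rcpt_to)


# Constructed samples: (description, envelope RCPT TO, raw message, legitimate?)
SAMPLES = [
    ("direct mail", ["alice@example.com"],
     "From: bob@example.org\nTo: Alice <alice@example.com>\nSubject: hi\n\nbody\n", True),
    ("Bcc recipient", ["carol@example.com"],
     "From: bob@example.org\nTo: alice@example.com\nSubject: hi\n\nbody\n", True),
    ("forwarded from another mailbox", ["alice@example.com"],
     "From: bob@example.org\nTo: alice.personal@mail.example.net\nSubject: hi\n\nbody\n", True),
    ("spam with unrelated To header", ["alice@example.com"],
     "From: x@spam.example\nTo: someone.else@elsewhere.example\nSubject: offer\n\nbody\n", False),
]


def evaluate(samples):
    """Return {description: (would_be_rejected, is_legitimate)} for the naive rule."""
    return {desc: (not envelope_matches_headers(rcpt, raw), legit)
            for desc, rcpt, raw, legit in samples}


def false_positives(samples):
    """Legitimate messages that the naive rule would have rejected."""
    return sorted(d for d, (rejected, legit) in evaluate(samples).items()
                  if rejected and legit)


if __name__ == "__main__":
    for desc, (rejected, legit) in evaluate(SAMPLES).items():
        print(f"{desc:32} rejected={rejected!s:5} legitimate={legit}")
    print("false positives:", false_positives(SAMPLES))
```

The Bcc and forwarded messages are indistinguishable from the spam sample under this rule, which is why the mismatch is better treated as one scored signal in a content filter than as a hard reject.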
 
LVL 1

Author Comment

by:Dm32z
ID: 17948053
Thanks.  I will go ahead and move on from this.  Maybe the problem is just SpamAssassin then eh?  I will go ahead and give Amavisd a try.  I do appreciate all the time.
0
 
LVL 1

Author Comment

by:Dm32z
ID: 17948087
ygoutham I meant for it to show I accepted your answer with the assist to Cyclops3590.  I split the points as 200 to ygoutham and 50 to Cyclops3590.  Thanks again you two.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17948903
SA only compares mail against rules.  It has the ability to modify the subject line to show it's reached a certain score.  However if you want it dropped, it must be amavis that is configured to do that.

Also, be aware that amavis overrides many of SA's configurations.  It basically just passes email to the spamc client to run the spam detection rules and that's it.  Amavis takes care of rule scores for the most part.
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 17953563
me here not for scores or anything. but only a small egoistic satisfaction at having cracked someone else's problem and a general community thingy.  thanx anyhow.
0


Question has a verified solution.
