Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1269
  • Last Modified:

Postfix Block Recipient

I have been trolling around the net and have yet to find out if there exists the means within postfix itself to block and email if the recipient in the initial handshake doesn't match the recipient within the body.  I am also running SpamAssasin, is there a way within SA to get this functionality.  Thanks.
0
Dm32z
Asked:
Dm32z
  • 7
  • 7
  • 2
2 Solutions
 
ygouthamCommented:
there is an option in the main.cf for rejecting mails for unknown users using local_recipient_maps.  tried that out???
0
 
ygouthamCommented:
unknown_local_recipient_reject_code = 450

it says so in the main.cf file.  i have not tried it but worth a shot ...
0
 
Dm32zAuthor Commented:
The postfix sits out in the DMZ.  All it does is relay to inside mail servers.  It knows its' domains it answer to but not any recipients.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
ygouthamCommented:
also read through the LOCAL_RECIPIENT_README file.  you can do a "locate ..." to find the file in your system.  postfix 2.0 and above allows this feature it seems.
0
 
Dm32zAuthor Commented:
I am just lately seeing alot of SPAM where as the sender address in the body is dofferent then the sender in the handshake.  Thanks for any guidance.
0
 
Dm32zAuthor Commented:
the private side mail servers are MS.  
0
 
ygouthamCommented:
but most of the spam that lands within happens from users where the mails are targetted to "mail, root, postmaster, support, etc" which are valid users on the alias table.  are you getting weirdo names as well????
0
 
Dm32zAuthor Commented:
We are getting hit recently where the recip names on the initial connection to the server are valid emails, but the recip names within the body of the email is something else.  

0
 
ygouthamCommented:
amavisd-new???  i have it and works perfectly fine for me.  any anti-spam running???
0
 
Dm32zAuthor Commented:
Spam Assasin
0
 
ygouthamCommented:
you can download from

http://www.ijs.si/software/amavisd/

with a little bit of tweaking, you can even chose to reject mails beyond a particular spam score.  but the initial couple of weeks i would suggest not doing so, as the auto-learn gets more effective with better traffic.  quite simple and easy to configure
0
 
Cyclops3590Commented:
I'm pretty sure what you want is impossible (during smtp process anyway).  The reason is that during the smtp process when the sending MTA tells the receiving MTA the from and rcpt addresses, the receiving MTA is completely ignorant of the contents of the email as of yet.  Only after it accepts the connection can the process you are asking for take place.

I'm still unconvinced that Postfix or any MTA can do this on its own.  The reason is this requires the program to keep the smtp parameters stored, and compare those parameters against what can be found in the body.  Now I know Postfix can do header checks, body checks, etc.  However I'm not aware of any ability to compare what is found there to what is received during the smtp process.  There are many other reasons why there is not good checks here either.

1) Whatif the RCPT TO is correct, the email is legit, but the recipient is a BCC.  No record of it in the headers.
2) Email might have been forwarded from another address.  Gmail to business email for example.  It will keep the gmail address there, but the RCPT TO will have a correct address.

I'd look into it I had more time, but honestly I don't believe this is possible.  Even if it was it'd very very difficult to prove the program is 100% correct.  I say utilize other anti-spam abilities of Postfix, use Amavis like ygoutham mentioned.  Make sure to specify banned files and have multiple AV programs running on your server.

Also, check out http://www.postfix.org/uce.html, as there are good hints there for anti-spam tricks in postfix.
0
 
Dm32zAuthor Commented:
Thanks.  I will go ahead and move on from this.  Maybe the problem is just SpamAssasin then eh?  I will go ahead and give Amavisd a try.  I do appreciate all the time.  
0
 
Dm32zAuthor Commented:
ygoutham I meant for it to show I accepted your answer with the assist to Cyclops3590.  I split to points as 200 to ygoutham and 50 to Cyclops3590.  Thanks again you two.  
0
 
Cyclops3590Commented:
SA only compares mail against rules.  It has the ability to modify the subject line to show its reached a certain score.  However if you want it droppped, it must be amavis that is configured to do that.

Also, be aware that amavis overrides many of SA's configurations.  It basically just passes email to the spamc client to run the spam detection rules and that's it.  Amavis takes care of rule scores for the most part.
0
 
ygouthamCommented:
me here not for scores or anything. but only a small egoistic satisfaction at having cracked someone else's problem and a general community thingy.  thanx anyhow.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

  • 7
  • 7
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now