Solved

Postfix Block Recipient

Posted on 2006-11-14
Last Modified: 2013-12-16
I have been trolling around the net and have yet to find out if there exists the means within postfix itself to block an email if the recipient in the initial handshake doesn't match the recipient within the body.  I am also running SpamAssassin; is there a way within SA to get this functionality?  Thanks.
Question by:Dm32z
 
LVL 14

Expert Comment

by:ygoutham
ID: 17944688
there is an option in the main.cf for rejecting mails for unknown users using local_recipient_maps.  tried that out???
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 17944691
unknown_local_recipient_reject_code = 450

it says so in the main.cf file.  i have not tried it but worth a shot ...
0
 
LVL 1

Author Comment

by:Dm32z
ID: 17944706
The postfix sits out in the DMZ.  All it does is relay to inside mail servers.  It knows the domains it answers to but not any recipients.
0

 
LVL 14

Expert Comment

by:ygoutham
ID: 17944709
also read through the LOCAL_RECIPIENT_README file.  you can do a "locate ..." to find the file in your system.  postfix 2.0 and above allows this feature it seems.
0
 
LVL 1

Author Comment

by:Dm32z
ID: 17944712
I am just lately seeing a lot of SPAM where the sender address in the body is different than the sender in the handshake.  Thanks for any guidance.
0
 
LVL 1

Author Comment

by:Dm32z
ID: 17944725
the private side mail servers are MS.  
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 17944820
but most of the spam that lands within happens from users where the mails are targeted to "mail, root, postmaster, support, etc" which are valid users on the alias table.  are you getting weirdo names as well????
0
 
LVL 1

Author Comment

by:Dm32z
ID: 17944879
We are getting hit recently where the recip names on the initial connection to the server are valid emails, but the recip names within the body of the email are something else.

0
 
LVL 14

Assisted Solution

by:ygoutham
ygoutham earned 200 total points
ID: 17944925
amavisd-new???  i have it and works perfectly fine for me.  any anti-spam running???
0
 
LVL 1

Author Comment

by:Dm32z
ID: 17944946
SpamAssassin
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 17944957
you can download from

http://www.ijs.si/software/amavisd/

with a little bit of tweaking, you can even choose to reject mails beyond a particular spam score.  but the initial couple of weeks i would suggest not doing so, as the auto-learn gets more effective with better traffic.  quite simple and easy to configure
0
 
LVL 25

Accepted Solution

by:Cyclops3590
Cyclops3590 earned 50 total points
ID: 17947318
I'm pretty sure what you want is impossible (during smtp process anyway).  The reason is that during the smtp process when the sending MTA tells the receiving MTA the from and rcpt addresses, the receiving MTA is completely ignorant of the contents of the email as of yet.  Only after it accepts the connection can the process you are asking for take place.

I'm still unconvinced that Postfix or any MTA can do this on its own.  The reason is this requires the program to keep the smtp parameters stored, and compare those parameters against what can be found in the body.  Now I know Postfix can do header checks, body checks, etc.  However I'm not aware of any ability to compare what is found there to what is received during the smtp process.  There are many other reasons why there are not good checks here either.

1) What if the RCPT TO is correct, the email is legit, but the recipient is a BCC.  No record of it in the headers.
2) Email might have been forwarded from another address.  Gmail to business email for example.  It will keep the gmail address there, but the RCPT TO will have a correct address.

I'd look into it if I had more time, but honestly I don't believe this is possible.  Even if it was it'd be very very difficult to prove the program is 100% correct.  I say utilize other anti-spam abilities of Postfix, use Amavis like ygoutham mentioned.  Make sure to specify banned files and have multiple AV programs running on your server.

Also, check out http://www.postfix.org/uce.html, as there are good hints there for anti-spam tricks in postfix.
0
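
The BCC and forwarding cases from the accepted answer, as an added example that is not part of the original thread: a Python sketch that compares envelope (RCPT TO) recipients against the To/Cc headers and shows legitimate mail mismatching exactly as the spam does. The function names and all sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def header_recipients(raw_message):
    """Return the lower-cased addresses found in the To and Cc headers."""
    msg = message_from_string(raw_message)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _name, addr in getaddresses(fields) if addr}


def unlisted_envelope_recipients(rcpt_to, raw_message):
    """Envelope (RCPT TO) recipients that appear in no To/Cc header."""
    listed = header_recipients(raw_message)
    return sorted(r.lower() for r in rcpt_to if r.lower() not in listed)


# Constructed samples: (description, envelope recipients, message text)
SAMPLES = [
    # Ordinary mail: envelope recipient is also in the To header.
    ("direct", ["alice@example.com"],
     "From: bob@example.net\nTo: Alice <alice@example.com>\nSubject: hi\n\nbody\n"),
    # Legitimate BCC: carol is only in the envelope, never in the headers.
    ("bcc", ["carol@example.com"],
     "From: bob@example.net\nTo: alice@example.com\nSubject: fyi\n\nbody\n"),
    # Legitimate forward: headers keep the original address, envelope differs.
    ("forwarded", ["dave@example.com"],
     "From: bob@example.net\nTo: dave.personal@example.org\nSubject: fwd\n\nbody\n"),
    # The pattern described in the question: valid envelope, unrelated To header.
    ("spam", ["alice@example.com"],
     "From: x@example.invalid\nTo: someone-else@example.org\nSubject: offer\n\nbody\n"),
]


def classify_samples():
    """Map each sample name to whether envelope and headers disagree."""
    return {name: bool(unlisted_envelope_recipients(rcpt, raw))
            for name, rcpt, raw in SAMPLES}


if __name__ == "__main__":
    for name, mismatch in classify_samples().items():
        print(f"{name:10s} mismatch={mismatch}")
```

Because the BCC and forwarded samples mismatch just like the spam sample, a mismatch is at most one input to a content filter's score and not a safe reject condition.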
 
LVL 1

Author Comment

by:Dm32z
ID: 17948053
Thanks.  I will go ahead and move on from this.  Maybe the problem is just SpamAssassin then eh?  I will go ahead and give Amavisd a try.  I do appreciate all the time.
0
 
LVL 1

Author Comment

by:Dm32z
ID: 17948087
ygoutham I meant for it to show I accepted your answer with the assist to Cyclops3590.  I split the points as 200 to ygoutham and 50 to Cyclops3590.  Thanks again you two.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17948903
SA only compares mail against rules.  It has the ability to modify the subject line to show it's reached a certain score.  However if you want it dropped, it must be amavis that is configured to do that.

Also, be aware that amavis overrides many of SA's configurations.  It basically just passes email to the spamc client to run the spam detection rules and that's it.  Amavis takes care of rule scores for the most part.
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 17953563
me here not for scores or anything. but only a small egoistic satisfaction at having cracked someone else's problem and a general community thingy.  thanx anyhow.
0
