Solved

Set Postfix to block fake emails

Posted on 2008-10-22
9
1,879 Views
Last Modified: 2013-12-19
I just want to set postfix to block fake emails that can just type:

MAIL FROM: someonefake@google.com
RCPT TO: user@inmydomain.com

Of curse IP of sender is not even related with google's IP or their MX

I blocked almost all unwanted functionality in postfix, but I cant find proper information in documentation. I tried varies settings but all of them fails to prevent sending mail to mine server that way. I assume that this is a simple task, and you - experts - will get with this in 2 minutes... So can you help me ?
0
Comment
Question by:Pawel Witkowski
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 5

Assisted Solution

by:ifreq
ifreq earned 100 total points
ID: 22777165
There is no good proven way to validate sender of the email you receive, you would get a lot of better results by using some realtimeblacklist  like  Spamhaus.  Ive been using it over a year now with 0% false positive matches. And it drops about 80-95% of unwanted emails on the smtp-gateway level. Most  emails are originating from zombie bot-networks these days.

Installation instructions are here:

http://wiki.kartbuilding.net/index.php/Postfix_SMTP#Blocking_Spam_with_spamhaus_and_Postfix

0
 
LVL 4

Expert Comment

by:urgoll
ID: 22777764
I second ifreq in adding the configuration to use spamhaus.

You could also setup your postfix to check SPF records before accepting incoming emails. While not 100% perfect, most big free email provider to use SPF to announce servers which are expected to send email from their domain, and thus cuts back on email spoofind. Instructions at:
http://www.howtoforge.com/postfix_spf

Hope this helps,
Christophe
0
 
LVL 5

Expert Comment

by:ifreq
ID: 22777852
I second urgoll for SPF :-) Thought SPF is not so famous at the moment and it hasnt been goodly developed  in years anymore.  But thats one more thing you could add to your postfix installation too to make it more effective.
0
 
LVL 31

Expert Comment

by:rid
ID: 22778755
Have you set Postfix to reject rDNS failures and unknown hosts? That should take care of the scenario you outlined, I think.
/RID
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 4

Expert Comment

by:urgoll
ID: 22779131
rid: the original question discusses someone spoofing gmail.com addresses - hostnames are good and the mail sender's domain are valid, it's just that the address used doesn't exists.

It is true that rejecting reverse DNS failures and invalid domains is a good idea and cuts down the overall volume of spam. For the record, this is done but using :
                 reject_unknown_sender_domain,
                reject_invalid_hostname,
                reject_non_fqdn_sender,
                reject_non_fqdn_recipient,

to the smtpd_*_restrictions statements in the main.cf file.

Regards,
Christophe
0
 
LVL 31

Accepted Solution

by:
rid earned 200 total points
ID: 22779322
Right you are! Sort of shortcut that part of the problem before i wrote....
/RID
0
 
LVL 18

Author Comment

by:Pawel Witkowski
ID: 22783922
Actually i think that i set postfix very restrictive:

smtpd_sender_restrictions = permit_sasl_authenticated,  reject_unknown_sender_do
main,  reject_non_fqdn_sender,  reject_unknown_address

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,rejec
t_unauth_destination, check_policy_service unix:private/policy-spf, reject_non_f
qdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unkn
own_recipient_domain, reject_invalid_hostname, reject_unverified_recipient, reje
ct_unknown_client

But i tried to find anything about my problem and ... cant find anything. As I said I can login into my server using my ISP IP by telneting to 25 port  then sending mail from even not fake mail but by spoofing someone (the problem is for example  security@paypal.com).  I would like to restrict that if someone want to send mail to recipient in mine server (because I got relaying turned off and set sasl auth so only problem sending to my recipient) then his IP must got revDNS on domain from where mail was sent (so revDNS of IP should be paypal.com). Is that even possible?? Futher more is there possible to set EHLO to user IP revDNS rather that what he typed??

Actually only I received spoofed paypal mail, but mine users are more like "normal" people and could be confused with that type of spam :( I apprecieate any help from you side here guys :)
0
 
LVL 4

Assisted Solution

by:urgoll
urgoll earned 200 total points
ID: 22788672
What you are describing would completely break email. For example, if I send an email from my gmail.com account, I see that the sending server is "ey-out-2122.google.com". See, there's no mention of gmail.com in the server name. This is why SPF was invented, to allow domain owners to announce which servers are authoritative for their domain.

You have put your finger on the great flaw of email as it is currently implemented, i.e. it is based on trust and good faith. All we can do now is use mitigating techniques, such as SPF, DKIM, doing rDNS checks and using anti-spam tools such as SpamAssassin to separate the wheat from the chaff.

0
 
LVL 18

Author Closing Comment

by:Pawel Witkowski
ID: 31508674
My problem is still not solved, but at least i know that this is impossible to do like I would think it could;) Poits here for you ppl for at least some light there
0

Featured Post

Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
cant ping a windows 10 computer 12 56
No RSTP between switches 3 49
Windows Server Backup for Exchange incremental 15 58
logging buffered 8 39
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now