[TriLUG] postfix security

skippy1 at hickorytech.net
Sun Dec 12 09:03:04 EST 2004


You're quite welcome, though I should warn that I'm not an expert with it
by any means.  It sounded enough like what we needed to solve a problem, so
I installed it on a test box.  The install was painful enough that I
learned a bit more than I wanted to in the process.

There are a few more details and some comparisons between milter-ahead and
Postfix's verify in the messages from Aaron and me.

Skippy

> Skippy:
>
> Thanks for your explanation of milter-ahead!  I had never quite gotten my
> head around that particular milter until I read your email.
>
> Jeff G.
>
> skippy1 at hickorytech.net wrote:
>> Even without seeing the headers, it's a pretty common thing for
>> spammers to send their spam through secondary mail servers.  From the
>> volume of this that I've seen I assume that a fairly large percentage
>> of the spam software does this automatically.
>>
>> The problem for the mail admin is of course that in a standard setup,
>> the secondary has no idea what accounts are on the primary and so
>> blindly accepts everything for the domain.
>>
>> In sendmail it's possible to set up a mail filter that accepts the spam
>> connection and holds it open while it queries the primary to see if
>> it's a valid address.  If it isn't, the secondary refuses the spam right
>> then and never queues it.  The package I've used for that is
>> milter-ahead from www.milter.org.  I don't know if a similar setup is
>> possible with postfix.
>>
>>
>> Skippy
>>
>>
>>> Any chance you could post the headers of this email so that we could
>>> get a better idea of what happened?
>>>
>>> Jeff G.
>>>
>>> Michael Hrivnak wrote:
>>>
>>>> I have a question that relates directly to a spamming experience I
>>>> just had.
>>>>
>>>> I understand what an MX record is.  I have set up multiple machines
>>>> that will relay for my domain in the event my primary mail server is
>>>> down.  I did so by adding this to /etc/postfix/main.cf on those
>>>> machines:
>>>>
>>>> relay_domains = $mydestination mydomaincom
>>>>
>>>> All machines involved run Mandrake 10.0 or 10.1.  That tends to work,
>>>> but I found a problem.  In theory, anyone on the internet can use
>>>> these backup servers to send email to my domain.  Someone could spam
>>>> my domain all day and all night through those servers.  In fact,
>>>> tonight I received a spam email that came through one of those
>>>> servers and even claimed to be from two accounts (which don't
>>>> actually exist) on that backup server (why would an email be from 2
>>>> accounts anyway?).  What can I do to prevent this?
>>>>
>>>> Thanks a lot,
>>>>
>>>> Michael
>>>
>>> --
>>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
>>
>>
>>
>>

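The thread above contrasts Michael's bare `relay_domains` backup MX with a secondary that asks the primary about each recipient before queueing (milter-ahead on sendmail, Postfix's own address verification). The following main.cf fragment for the backup MX is an added example, not a configuration posted by anyone in the thread; the domain `example.com`, the table path `/etc/postfix/relay_recipients` and the cache path `/var/lib/postfix/verify` are placeholders, and the parameter names are Postfix's (address verification needs Postfix 2.1 or later).

```ini
# /etc/postfix/main.cf on the BACKUP MX (added example; domain, table and
# cache paths are placeholders, not values from the thread).

# What the thread starts from: this alone makes the host relay for the
# domain, but Postfix has no idea which recipients exist on the primary,
# so it accepts every RCPT TO and bounces the junk later.
relay_domains = example.com

# Option 1: a static recipient list exported from the primary.  Any RCPT TO
# for example.com that is not in this table is rejected during the SMTP
# session.  Table format is one "user@example.com  OK" per line; rebuild
# with "postmap /etc/postfix/relay_recipients" after each export.
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# Option 2 (Postfix 2.1+): probe the primary while the spammer's connection
# is still open, which is what milter-ahead does for sendmail.  Postfix sends
# the same RCPT TO to the primary and rejects the client if the primary
# would.  reject_unauth_destination must come first, so the backup never
# relays for domains it is not an MX for.  Options 1 and 2 can be combined.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# Persistent probe cache (the directory must be writable by the Postfix
# user).  Without it every restart forgets all results, and while the
# primary is down nothing can be verified.  With it, addresses already seen
# as valid keep being accepted (positive results are kept for
# address_verify_positive_expire_time, 31 days by default); addresses the
# primary has never confirmed get a temporary 450 until it is back, so a
# legitimate sender retries instead of losing mail.
address_verify_map = btree:/var/lib/postfix/verify

# Older releases answer an unverifiable recipient with 450 (try again
# later), which only makes a spam bot retry.  Switch to a permanent 550
# once you trust the primary's answers; a misconfigured primary that
# rejects everything would otherwise make the backup bounce all your mail.
unverified_recipient_reject_code = 550
```

Whichever option is used, test it from outside `mynetworks` with a manual SMTP session: `RCPT TO:<nosuchuser@example.com>` should now be refused at the backup rather than accepted and bounced later.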