How to reject mails where from address and to address is myself.


How to reject mails where from address and to address is myself.

anant
Dear List,

A lot of spam mails are being received where the from and to address is
my own, and the mail has contents which are dirty/bad.

The original sender id will be different.

How do I handle such mails?

--
Anant S Athavale
------------------------------------------------------------------------------
IMPORTANT NOTE:

ISRO Satellite Centre (ISAC) was renamed as U R Rao Satellite Centre (URSC).
Hence, the existing domain (isac.gov.in) is changed to new domain ursc.gov.in
resulting into change of e-mail address from [hidden email] to  
[hidden email].
Please note this change and update your contact details for new domain  
(ursc.gov.in).
------------------------------------------------------------------------------
Confidentiality Notice: This e-mail message, including any attachments, is for
the sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
------------------------------------------------------------------------------


Re: How to reject mails where from address and to address is myself.

Michael-4
Your email filter should be able to quarantine or discard any email that
fails the SPF check.

If you want to take it further, you can add a DMARC record after
ensuring that your SPF and DKIM are working properly. Again, your filter
will need to correctly handle any email that fails DMARC.

Can you post the headers of one of the emails?



On 2019-05-28 6:19 am, [hidden email] wrote:

> Dear List,
>
> Lot of SPAM mails are being received where from and to address is
> myself and the mail has contents which are dirty/bad.
>
> The original sender id will be different.
>
> How to handle such mails.

Re: How to reject mails where from address and to address is myself.

anant

We have implemented SPF check but not DMARC.  It is passing SPF check also.

regards,
anant.



Re: How to reject mails where from address and to address is myself.

Samuel Johnson
If you've separate inbound and outbound servers, you may try putting
regex that matches your domain in header_checks for the header 'From:',
in your inbound server.

--
Samuel Johnson

On 5/28/19 5:58 PM, [hidden email] wrote:

> We have implemented SPF check but not DMARC.  It is passing SPF check also.
>
> regards,
> anant.

Re: How to reject mails where from address and to address is myself.

anant
In reply to this post by Michael-4

Please see the relevant headers.
 

Return-Path: <[hidden email]>

Received: from dnsbsnl.isac.gov.in (dnserns.isac.gov.in [172.20.2.58])
 by services.isac.gov.in (Postfix) with ESMTP id 4BEB0C4F8214
 for <[hidden email]>; Thu, 30 May 2019 05:41:02 +0530 (IST)
Received-SPF: Permerror (SPF Permanent Error: Unknown mechanism found: ipv4:200.1.12.0/24) identity=mailfrom; client-ip=200.1.12.1; helo=smtp03.mppee.gob.ve; envelope-from=[hidden email]; receiver=[hidden email]
Received: from smtp03.mppee.gob.ve (smtp03.mppee.gob.ve [200.1.12.1])
 by dnsbsnl.isac.gov.in (Postfix) with ESMTP id 7D3128066FAF
 for <[hidden email]>; Thu, 30 May 2019 05:40:57 +0530 (IST)
List-Help: <mailto:[hidden email]>
Message-ID:
 <[hidden email]>
From: <[hidden email]>
Content-Type: multipart/related;
 boundary="C1CA3BF65E387"
MIME-Version: 1.0
To: [hidden email]
Abuse-Reports-To: <[hidden email]>
Subject: =?utf-8?Q?***SPAM-UTM***?=
 yogeen
X-Mailer: Inxmail EE 4.7.4.638
X-aid: 7598214175
X-Sender: [hidden email]
Date: Thu, 30 May 2019 02:09:58 +0200
X-Complaints-To: <[hidden email]>
List-Subscribe:
 <http://mailer.mppee.gob.ve/misc/pages/subscribe/gxctwo580goq9f8qntd9y3r2c96pokm5p3xd223ejuc9rbnvgc827aa5reom>,
  <mailto:[hidden email]?subject=Subscribe+04873_1082276_4_3215_9587>
Feedback-ID: b5y6mjmp4aw6d7pp1fkwbwbs8837rxeb6vjtbod1wd81p7r:none:yreihnhm
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.3.9 (smtp03.mppee.gob.ve [0.0.0.0]); Wed, 29 May 2019 20:11:27 -0400 (VET)
X-Copyrighted-Material: Please visit http://www.company.com/privacy.htm
X-Virus-Scanned: clamav-milter 0.99 at smtp03.mppee.gob.ve
X-Virus-Status: Clean
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.3.9 (smtp03.mppee.gob.ve [0.0.0.0]); Wed, 29 May 2019 20:11:40 -0400 (VET)
X-SpamInfo: FortiGuard-AntiSpam ip, connection black ip 200.1.12.1


Regards,
anant.



Re: How to reject mails where from address and to address is myself.

Richard Salts
In reply to this post by anant
On Tuesday, 28 May 2019 9:19:09 PM AEST [hidden email] wrote:
> Dear List,
>
> Lot of SPAM mails are being received where from and to address is
> myself and the mail has contents which are dirty/bad.
>
> The original sender id will be different.
>
> How to handle such mails.
The best way is probably a milter of some description.
There are a number that have been mentioned in the past on the postfix mailing
list that would be suitable (e.g. https://mimedefang.org/, https://www.amavis.org)

http://www.postfix.org/MILTER_README.html describes the process of plumbing the
milter into postfix.




Re: How to reject mails where from address and to address is myself.

Fernando Maior
In reply to this post by anant
Dear Anant,

Systems architecture is your friend...

I usually have the following servers:

1) E-mail firewall - a real/virtual computer, connected by one interface to the internet and by another interface to the local network, which only receives e-mail from outside and doesn't permit unwanted e-mails like the ones you said. It runs postfix only, or a postfix + amavis combo.

2) E-mail server - another real/virtual server, connected only to my local network, which runs postfix, courier-imapd, http server, php and a browser-based email client like roundcube or rainloop.

So, when (1) receives incoming e-mail with FROM address from your domain, it just drops the email.

Best regards,
Fernando

Kind regards,
---
Fernando Maciel Souto Maior
Technology Projects and Solutions
(31) 99226-9440 Vivo



Fwd: Re: How to reject mails where from address and to address is myself.

edg973
In reply to this post by Richard Salts

Hello,

I am facing this kind of issue too.
To stop this, I follow http://www.postfix.org/RESTRICTION_CLASS_README.html to restrict usage of list diffusion to local lan.

Amavis and spamassassin are also installed on my mail system with postfix, but recently spammers have been using images inside the body of the email...
Images cannot be analyzed by milters. That is why I decided to restrict usage of list diffusion to local lan.

I also set smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch in my main.cf,
but this works only for authenticated users, to avoid forging mail.

According to http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch, reject_unauthenticated_sender_login_mismatch is for unauthenticated clients.
But I fear that reject_unauthenticated_sender_login_mismatch rejects legitimate mail such as [hidden email], etc.

Can reject_unauthenticated_sender_login_mismatch help in this case?

Best regards




Re: How to reject mails where from address and to address is myself.

Bill Cole-3
On 4 Jun 2019, at 8:00, Edouard Guigné wrote:

> Does reject_unauthenticated_sender_login_mismatch can help in this
> case ?

None of the Postfix *_sender_* restrictions act on the contents of
message headers. They act on the SMTP envelope sender address, which in
this case is NOT the same address as the From header.

--
Bill Cole
[hidden email] or [hidden email]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)

Fwd: Re: How to reject mails where from address and to address is myself.

edg973

Hello,

My question was relative to the following problem :

"Lot of SPAM mails are being received where from and to address is
myself and the mail has contents which are dirty/bad."

I ask if reject_unauthenticated_sender_login_mismatch can solve this issue



    



Re: Fwd: Re: How to reject mails where from address and to address is myself.

Matus UHLAR - fantomas
On 04.06.19 11:05, Edouard Guigné wrote:
>My question was relative to the following problem :
>
>"Lot of SPAM mails are being received where from and to address is
>myself and the mail has contents which are dirty/bad."
>
>I ask if reject_unauthenticated_sender_login_mismatch can solve this issue

The answer "No" was hidden in the explanation provided.



--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...

Re: Fwd: Re: How to reject mails where from address and to address is myself.

Bernardo Reino
In reply to this post by edg973
On Tue, 4 Jun 2019, Edouard Guigné wrote:

> My question was relative to the following problem :
>
> "Lot of SPAM mails are being received where from and to address is
> myself and the mail has contents which are dirty/bad."
>
> I ask if reject_unauthenticated_sender_login_mismatch can solve this issue

And as Bill Cole already told you, your problem relates to "From:" and
"To:" *headers* of the e-mail, and not the envelope sender, to which the
postfix restrictions apply.
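
The envelope-versus-header distinction made in this thread, as an added example that is not part of any post above: a Python function that shows, for one message, what a rule keyed on the envelope sender sees next to what a check on the From: header (the inbound gateway, header check or milter approach suggested above) sees. The domain example.org, the sample messages and all function names are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: placeholder for the domain(s) the site owns.
OWN_DOMAINS = {"example.org"}

# Constructed sample: foreign envelope sender, own address in From: and To:.
SPOOFED = (
    "Return-Path: <bounce@bulk.invalid>\n"
    "From: Some Name\n <USER@Example.ORG>\n"   # folded header, mixed case
    "To: user@example.org\n"
    "Subject: constructed sample\n\nbody\n"
)
# Constructed sample: ordinary mail from an outside correspondent.
EXTERNAL = (
    "From: Alice <alice@partner.invalid>\n"
    "To: user@example.org\n"
    "Subject: constructed sample\n\nbody\n"
)


def domain_of(address):
    """Lower-cased domain of an address; '' for the null sender or no '@'."""
    _, at, domain = address.strip("<> ").rpartition("@")
    return domain.rstrip(".").lower() if at else ""


def is_own(domain):
    """True for an owned domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in OWN_DOMAINS)


def header_addresses(msg, *names):
    """Addresses from the named headers, lower-cased, folds handled."""
    values = [v for name in names for v in msg.get_all(name, [])]
    return [addr.lower() for _, addr in getaddresses(values) if addr]


def evaluate(envelope_from, raw_message, authenticated=False):
    """Show what an envelope-based rule sees next to a header-based one."""
    msg = message_from_string(raw_message)
    from_addrs = header_addresses(msg, "From")
    rcpt_addrs = header_addresses(msg, "To", "Cc")
    header_from_is_own = any(is_own(domain_of(a)) for a in from_addrs)
    # Policy for an inbound-only gateway: unauthenticated mail from
    # outside must not claim one of our own domains in From:.
    reject = header_from_is_own and not authenticated
    return {
        "envelope_is_own": is_own(domain_of(envelope_from)),
        "header_from_is_own": header_from_is_own,
        "self_addressed": any(a in rcpt_addrs for a in from_addrs),
        "action": "reject" if reject else "accept",
    }


if __name__ == "__main__":
    print(evaluate("bounce@bulk.invalid", SPOOFED))
    print(evaluate("alice@partner.invalid", EXTERNAL))
    print(evaluate("user@example.org", SPOOFED, authenticated=True))
```

For the spoofed sample `envelope_is_own` is false while `header_from_is_own` is true, which is why a rule that only looks at the envelope sender lets it through. Posts your own users send to outside mailing lists come back from outside with your domain in From:, so a blanket reject on the header needs exceptions for such sources.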