Limiting HELO spoofing in Postfix?


Re: Limiting HELO spoofing in Postfix?

Nick Tait
On 23/10/20 6:26 pm, Nick Tait wrote:
In summary, you'd want to create a script in a language of your choice, which in the simplest case does this:
  1. Reads in lines until a blank line.
  2. Then sees if the lines that it read included the line "client_address=127.0.0.1".
  3. If it did, then it checks if it also received the line "helo_name=localhost".
  4. Then it outputs a result based on the results of steps #2 & #3:
    • If #2 matched and #3 matched, then it prints "dunno", followed by a blank line.
    • If #2 matched but #3 didn't, then it prints "reject You look like you're trying to get me to send spam", followed by a blank line.
    • If #2 didn't match, then it prints "dunno", followed by a blank line.

NB: The reason for using "dunno" (rather than "ok") is so that other following checks will still be performed.

Sorry I made an error above. Step #4 should have said:

  4. Then it outputs a result based on the results of steps #2 & #3:
    • If #2 matched and #3 matched, then it prints "action=dunno", followed by a blank line.
    • If #2 matched but #3 didn't, then it prints "action=reject You look like you're trying to get me to send spam", followed by a blank line.
    • If #2 didn't match, then it prints "action=dunno", followed by a blank line.
Thanks,

Nick.
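The script Nick describes, written out as a complete Python policy service so the request/response exchange is concrete. This is an added example, not Nick's code or part of Postfix: it reads one request (name=value lines ending in a blank line) at a time from stdin, applies steps 2 to 4, and answers with an "action=" line followed by a blank line. The loopback address, the expected HELO name and the reject text are the values from the post, held in constants so they can be changed.

```python
#!/usr/bin/env python3
"""Postfix SMTPD policy service for the loopback HELO check described above.

Added example. Postfix sends each policy request as name=value lines
terminated by a blank line; the reply is one "action=..." line followed
by a blank line.
"""
import sys

# Values taken from the post; adjust for the host's own loopback address
# and the HELO name that local software is expected to use.
LOCAL_CLIENT = "127.0.0.1"
EXPECTED_HELO = "localhost"
REJECT_TEXT = "You look like you're trying to get me to send spam"


def read_request(lines):
    """Step 1: read name=value lines up to a blank line.

    `lines` is any iterator of lines (sys.stdin in production).
    Returns a dict of attributes, or None when the input is exhausted.
    """
    attrs = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if line == "":
            return attrs            # blank line ends one request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value     # lines without '=' are ignored
    return attrs if attrs else None  # EOF with nothing pending


def decide(attrs):
    """Steps 2-4: only loopback clients are checked, and they must have
    said HELO with the expected local name. Everything else is 'dunno'
    so later restrictions still run."""
    if attrs.get("client_address") != LOCAL_CLIENT:
        return "dunno"              # step 2 did not match
    if attrs.get("helo_name") == EXPECTED_HELO:
        return "dunno"              # steps 2 and 3 both matched
    return "reject " + REJECT_TEXT  # loopback client with a foreign HELO


def respond(attrs):
    """Format the reply exactly as the policy protocol expects."""
    return "action=" + decide(attrs) + "\n\n"


def main():
    # Serve requests until Postfix closes the connection.
    while True:
        attrs = read_request(sys.stdin)
        if attrs is None:
            break
        sys.stdout.write(respond(attrs))
        sys.stdout.flush()          # Postfix waits for the blank line


if __name__ == "__main__":
    main()
```

To hook it in, the usual Postfix wiring (per SMTPD_POLICY_README) is a spawn entry in master.cf that runs the script, and "check_policy_service unix:private/<name>" in smtpd_helo_restrictions; the service name and script path are the installer's choice.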


Re: Limiting HELO spoofing in Postfix?

Rich Wales
From Viktor Dukhovni:
> I don't recall whether you have as yet posted the requested (sans any
> reformatting of line breaks) outputs of:
>
>     $ postconf -Mf
>     $ postconf -nf

See the attached text files.

I'll mention here that I'm still trying tweaks here and there to my
Postfix configuration.  Most recently, I modified amavisd-new to send
its post-scan output to 127.0.0.55 (instead of the default 127.0.0.1),
in an attempt to make it clearer which "localhost" traffic is coming
from and going to where.  So if my current configuration doesn't seem to
match the info I've been posting up till now about my server, that may
be why.

Rich Wales
[hidden email]

Attachments: postconf-Mf.out (7K), postconf-nf.out (7K)

Re: Limiting HELO spoofing in Postfix?

Viktor Dukhovni
On Sat, Oct 24, 2020 at 03:22:28PM -0700, Rich Wales wrote:

> From Viktor Dukhovni:
> > I don't recall whether you have as yet posted the requested (sans any
> > reformatting of line breaks) outputs of:
> >
> >     $ postconf -Mf
> >     $ postconf -nf
>
> See the attached text files.

Thanks.  Could you also post the output of:

    # netstat -anp --inet | grep LISTEN
    # netstat -anp --inet6 | grep LISTEN
    # iptables -n -L -v
    # iptables -t nat -n -L -v

--
    Viktor.

Re: Limiting HELO spoofing in Postfix?

Demi M. Obenour
On 10/24/20 6:38 PM, Viktor Dukhovni wrote:

> On Sat, Oct 24, 2020 at 03:22:28PM -0700, Rich Wales wrote:
>
>> From Viktor Dukhovni:
>>> I don't recall whether you have as yet posted the requested (sans any
>>> reformatting of line breaks) outputs of:
>>>
>>>     $ postconf -Mf
>>>     $ postconf -nf
>>
>> See the attached text files.
>
> Thanks.  Could you also post the output of:
>
>     # netstat -anp --inet | grep LISTEN
>     # netstat -anp --inet6 | grep LISTEN
>     # iptables -n -L -v
>     # iptables -t nat -n -L -v
>
Also:

    # nft list ruleset


Re: Limiting HELO spoofing in Postfix?

Rich Wales
On 2020-10-24 17:22, Demi M. Obenour wrote:

> Also:  # nft list ruleset


That one's really easy, since I'm not currently using nftables:

table inet filter {
        chain input {
                type filter hook input priority 0; policy accept;
        }

        chain forward {
                type filter hook forward priority 0; policy accept;
        }

        chain output {
                type filter hook output priority 0; policy accept;
        }
}

Rich Wales
[hidden email]