Receiving emails from my own address

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Receiving emails from my own address

Rafael Azevedo-4
Hi there,

This is an old issue and I believe it has already focused on older discussions.

I'm receiving SPAM from my own address.

Checking server logs, user is not authenticating and the only way this spammer can play a trick is by sending an email to its own address (ie: from [hidden email] to [hidden email]).

Is there a way to avoid this practice ?

Thanks in advance.

BR,
Rafael
Reply | Threaded
Open this post in threaded view
|

Re: Receiving emails from my own address

Matus UHLAR - fantomas
On 06.11.20 09:48, Rafael Azevedo wrote:

>This is an old issue and I believe it has already focused on older
>discussions.
>
>I'm receiving SPAM from my own address.
>
>Checking server logs, user is not authenticating and the only way this
>spammer can play a trick is by sending an email to its own address (ie:
>from [hidden email] to [hidden email]).
>
>Is there a way to avoid this practice ?

on your server: use smtpd_sender_login_maps

on other servers: implement SPF,DKIM and DMARC for your domain.

note that some servers don't enforce DMARC, so mail from your address
may still appear on the internet.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
Reply | Threaded
Open this post in threaded view
|

Re: Receiving emails from my own address

Rafael Azevedo-4
Hi Matus,
Thanks for the reply.

How can smtpd_sender_login_maps fix this issue?
As far as I know, this is only a shortcut for authentication.
ie: login as "raffus" will translate the user to "[hidden email]".

Am I missing something here?

Thanks once again.

Em sex., 6 de nov. de 2020 às 10:42, Matus UHLAR - fantomas <[hidden email]> escreveu:
On 06.11.20 09:48, Rafael Azevedo wrote:
>This is an old issue and I believe it has already focused on older
>discussions.
>
>I'm receiving SPAM from my own address.
>
>Checking server logs, user is not authenticating and the only way this
>spammer can play a trick is by sending an email to its own address (ie:
>from [hidden email] to [hidden email]).
>
>Is there a way to avoid this practice ?

on your server: use smtpd_sender_login_maps

on other servers: implement SPF,DKIM and DMARC for your domain.

note that some servers don't enforce DMARC, so mail from your address
may still appear on the internet.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
Reply | Threaded
Open this post in threaded view
|

Re: Receiving emails from my own address

Matus UHLAR - fantomas
On 06.11.20 11:10, Rafael Azevedo wrote:
>How can smtpd_sender_login_maps fix this issue?
>As far as I know, this is only a shortcut for authentication.
>ie: login as "raffus" will translate the user to "[hidden email]".

>Am I missing something here?

no, I was:

after that you can use directives like:
reject_sender_login_mismatch
reject_known_sender_login_mismatch
reject_unauthenticated_sender_login_mismatch

in smtpd_sender_restrictions, which should do what you want.


>Em sex., 6 de nov. de 2020 às 10:42, Matus UHLAR - fantomas <
>[hidden email]> escreveu:
>
>> On 06.11.20 09:48, Rafael Azevedo wrote:
>> >This is an old issue and I believe it has already focused on older
>> >discussions.
>> >
>> >I'm receiving SPAM from my own address.
>> >
>> >Checking server logs, user is not authenticating and the only way this
>> >spammer can play a trick is by sending an email to its own address (ie:
>> >from [hidden email] to [hidden email]).
>> >
>> >Is there a way to avoid this practice ?
>>
>> on your server: use smtpd_sender_login_maps
>>
>> on other servers: implement SPF,DKIM and DMARC for your domain.
>>
>> note that some servers don't enforce DMARC, so mail from your address
>> may still appear on the internet.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.
Reply | Threaded
Open this post in threaded view
|

Re: Receiving emails from my own address

Rafael Azevedo-4
It didn't work. :(

Em sex., 6 de nov. de 2020 às 11:30, Matus UHLAR - fantomas <[hidden email]> escreveu:
On 06.11.20 11:10, Rafael Azevedo wrote:
>How can smtpd_sender_login_maps fix this issue?
>As far as I know, this is only a shortcut for authentication.
>ie: login as "raffus" will translate the user to "[hidden email]".

>Am I missing something here?

no, I was:

after that you can use directives like:
reject_sender_login_mismatch
reject_known_sender_login_mismatch
reject_unauthenticated_sender_login_mismatch

in smtpd_sender_restrictions, which should do what you want.


>Em sex., 6 de nov. de 2020 às 10:42, Matus UHLAR - fantomas <
>[hidden email]> escreveu:
>
>> On 06.11.20 09:48, Rafael Azevedo wrote:
>> >This is an old issue and I believe it has already focused on older
>> >discussions.
>> >
>> >I'm receiving SPAM from my own address.
>> >
>> >Checking server logs, user is not authenticating and the only way this
>> >spammer can play a trick is by sending an email to its own address (ie:
>> >from [hidden email] to [hidden email]).
>> >
>> >Is there a way to avoid this practice ?
>>
>> on your server: use smtpd_sender_login_maps
>>
>> on other servers: implement SPF,DKIM and DMARC for your domain.
>>
>> note that some servers don't enforce DMARC, so mail from your address
>> may still appear on the internet.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.
Reply | Threaded
Open this post in threaded view
|

Re: Receiving emails from my own address

Patrick Laimbock
In reply to this post by Rafael Azevedo-4
On 06-11-2020 13:48, Rafael Azevedo wrote:

> Hi there,
>
> This is an old issue and I believe it has already focused on older
> discussions.
>
> I'm receiving SPAM from my own address.
>
> Checking server logs, user is not authenticating and the only way this
> spammer can play a trick is by sending an email to its own address (ie:
> from [hidden email] <mailto:[hidden email]> to
> [hidden email] <mailto:[hidden email]>).
>
> Is there a way to avoid this practice ?
>
> Thanks in advance.
>
> BR,
> Rafael

Hope I get this right. In main.cf you can put a section:

smtpd_sender_restrictions =
   ...
   check_sender_access hash:/etc/postfix/sender_access
   ...

And in /etc/postfix/sender_access you then add your domain (see man 5
access for more information):

mydomain.com  REJECT  You are not mydomain.com

Then run postmap
# postmap /etc/postfix/sender_access

And finally
# postfix reload

Note that this only works for MAIL FROM, see
http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions
http://www.postfix.org/postconf.5.html#check_sender_access

Best,
Patrick
Reply | Threaded
Open this post in threaded view
|

Re: Receiving emails from my own address

Rafael Azevedo-4
Huge thanks!!

Em sex., 6 de nov. de 2020 às 13:15, Patrick Laimbock <[hidden email]> escreveu:
On 06-11-2020 13:48, Rafael Azevedo wrote:
> Hi there,
>
> This is an old issue and I believe it has already focused on older
> discussions.
>
> I'm receiving SPAM from my own address.
>
> Checking server logs, user is not authenticating and the only way this
> spammer can play a trick is by sending an email to its own address (ie:
> from [hidden email] <mailto:[hidden email]> to
> [hidden email] <mailto:[hidden email]>).
>
> Is there a way to avoid this practice ?
>
> Thanks in advance.
>
> BR,
> Rafael

Hope I get this right. In main.cf you can put a section:

smtpd_sender_restrictions =
   ...
   check_sender_access hash:/etc/postfix/sender_access
   ...

And in /etc/postfix/sender_access you then add your domain (see man 5
access for more information):

mydomain.com  REJECT  You are not mydomain.com

Then run postmap
# postmap /etc/postfix/sender_access

And finally
# postfix reload

Note that this only works for MAIL FROM, see
http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions
http://www.postfix.org/postconf.5.html#check_sender_access

Best,
Patrick
Reply | Threaded
Open this post in threaded view
|

Re: Receiving emails from my own address

Benny Pedersen-2
In reply to this post by Rafael Azevedo-4
Rafael Azevedo skrev den 2020-11-06 13:48:

> Checking server logs, user is not authenticating and the only way this
> spammer can play a trick is by sending an email to its own address
> (ie: from [hidden email] to [hidden email]).
>
> Is there a way to avoid this practice ?

thats what SPF is designed for

without SPF, do not accept local domains as envelope sender on port 25,
when this is solved it stops

more help show logs
and postconf -nf
Reply | Threaded
Open this post in threaded view
|

Re: Receiving emails from my own address

Benny Pedersen-2
In reply to this post by Rafael Azevedo-4
Rafael Azevedo skrev den 2020-11-06 15:10:

> How can smtpd_sender_login_maps fix this issue?

it needs sasl auth to work as intended, with port 25 should not add

see my other reply for envelope sender on port 25
Reply | Threaded
Open this post in threaded view
|

Re: Receiving emails from my own address

Matus UHLAR - fantomas
In reply to this post by Rafael Azevedo-4
On 06.11.20 13:19, Rafael Azevedo wrote:
>Huge thanks!!

yes, if you want timply to prevent other servers from  sending mail from
your domain, implementing domain in access list is enough.

with my proposal, you could even check which authenticated users are allowed
to send mail from which address.

that might be an overkill, but sometimes useful, so your users aren't
allowed to spoof each other's addresses.

>Em sex., 6 de nov. de 2020 às 13:15, Patrick Laimbock <[hidden email]>
>escreveu:
>
>> On 06-11-2020 13:48, Rafael Azevedo wrote:
>> > Hi there,
>> >
>> > This is an old issue and I believe it has already focused on older
>> > discussions.
>> >
>> > I'm receiving SPAM from my own address.
>> >
>> > Checking server logs, user is not authenticating and the only way this
>> > spammer can play a trick is by sending an email to its own address (ie:
>> > from [hidden email] <mailto:[hidden email]> to
>> > [hidden email] <mailto:[hidden email]>).
>> >
>> > Is there a way to avoid this practice ?
>> >
>> > Thanks in advance.
>> >
>> > BR,
>> > Rafael
>>
>> Hope I get this right. In main.cf you can put a section:
>>
>> smtpd_sender_restrictions =
>>    ...
>>    check_sender_access hash:/etc/postfix/sender_access
>>    ...
>>
>> And in /etc/postfix/sender_access you then add your domain (see man 5
>> access for more information):
>>
>> mydomain.com  REJECT  You are not mydomain.com
>>
>> Then run postmap
>> # postmap /etc/postfix/sender_access
>>
>> And finally
>> # postfix reload
>>
>> Note that this only works for MAIL FROM, see
>> http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions
>> http://www.postfix.org/postconf.5.html#check_sender_access

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...