avoid external emails that the from=< and the to=< are the same user


avoid external emails that the from=< and the to=< are the same user

Francesc Peñalvez-2
Lately we have been receiving spam mails in which the mail from and the
to are apparently the same. How is it possible to avoid this? I have
configured Postfix to avoid relaying emails, and authentication is
required to send mail through my Postfix. These emails are sent externally
from several IPs and, looking at the logs, those emails are not authenticated.

***********************************************************************************************
This message and any attachments are confidential and intended for the named addressee(s) only.
If you have received this message in error, please notify immediately the sender, then delete
the message. Any unauthorized modification, edition, use or dissemination is prohibited.
The sender shall not be liable for this message if it has been modified, altered, falsified, infected
by a virus or even edited or disseminated without authorization.
***********************************************************************************************




Re: avoid external emails that the from=< and the to=< are the same user

Dominic Raferd
On Fri, 16 Nov 2018 at 13:20, Francesc Peñalvez <[hidden email]> wrote:
>
> Lately we have been receiving spam mails in which the mail from and the
> to are apparently the same. How is it possible to avoid this? I have
> configured Postfix to avoid relaying emails, and authentication is
> required to send mail through my Postfix. These emails are sent externally
> from several IPs and, looking at the logs, those emails are not authenticated.

SpamAssassin 3.4.2 has the FromNameSpoof Plugin which should help.

You can also write your own header_checks test like this (which is
broader than your use case):
if /^From:/
#   emails from our domains and some others are not subject to restrictions here
/(mydomain1\.tld|mydomain2\.tld)>?\s*$/ DUNNO
#   but try to block emails that pretend to be from us
#     (a) e.g. From: [hidden email] <[hidden email]>
/^(.*mydomain1\.tld"? <.*)$/ REJECT From header impersonation type 1
#     (b) e.g. From: Dominic Raferd <[hidden email]>
if /^From: ?(Mr?s? )?(D(ominic)?.*Raferd)/
#      but allow some exceptions... e.g. apple, launchpad
!/(@bugs\.launchpad\.net|noreply@email\.apple\.com)>?\s*$/ REJECT From header impersonation type 2
endif
endif

Re: avoid external emails that the from=< and the to=< are the same user

Wietse Venema
Francesc Peñalvez:
> Lately we have been receiving spam mails in which the mail from and the
> to are apparently the same. How is it possible to avoid this? I have
> configured Postfix to avoid relaying emails, and authentication is
> required to send mail through my Postfix. These emails are sent externally
> from several IPs and, looking at the logs, those emails are not authenticated.

Postfix 3.0 and later:

/etc/postfix/main.cf:
    smtpd_sender_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        check_sender_access inline:{
            { example.com = REJECT local sender from unauthorized client }
            { other.example = REJECT local sender from unauthorized client }
        }

Instead of example.com and other.example, specify your email domains.

Note: this breaks email from remote mail forwarders or from remote
distribution lists that don't reset the sender address.

        Wietse
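
Added example, not part of the original thread: a Python sketch that correlates Postfix log lines by queue ID and lists the messages the original poster describes (received over SMTP, no SASL login, client outside mynetworks, envelope from= equal to a to=), which helps size the impact before enabling the restriction above. The log lines, addresses and function name are constructed, and the default Postfix syslog line layout is assumed.

```python
import ipaddress
import re

# Constructed sample log (not from the thread): spoofed external mail,
# an authenticated user mailing themselves, and a local cron mail via pickup.
SAMPLE_LOG = """\
Nov 16 13:01:02 mx postfix/smtpd[2101]: 4A1B2C3D4E: client=unknown[203.0.113.7]
Nov 16 13:01:02 mx postfix/qmgr[900]: 4A1B2C3D4E: from=<alice@example.com>, size=2310, nrcpt=1 (queue active)
Nov 16 13:01:03 mx postfix/local[2105]: 4A1B2C3D4E: to=<alice@example.com>, relay=local, delay=0.4, status=sent (delivered to mailbox)
Nov 16 13:02:10 mx postfix/submission/smtpd[2102]: 5F6A7B8C9D: client=laptop.example.net[198.51.100.20], sasl_method=PLAIN, sasl_username=bob@example.com
Nov 16 13:02:10 mx postfix/qmgr[900]: 5F6A7B8C9D: from=<bob@example.com>, size=812, nrcpt=1 (queue active)
Nov 16 13:02:11 mx postfix/local[2106]: 5F6A7B8C9D: to=<bob@example.com>, relay=local, delay=0.2, status=sent (delivered to mailbox)
Nov 16 13:05:00 mx postfix/pickup[880]: 6E7F8A9B0C: uid=0 from=<root>
Nov 16 13:05:00 mx postfix/qmgr[900]: 6E7F8A9B0C: from=<root@mx.example.com>, size=540, nrcpt=1 (queue active)
Nov 16 13:05:00 mx postfix/local[2107]: 6E7F8A9B0C: to=<root@mx.example.com>, relay=local, delay=0.1, status=sent (delivered to mailbox)
"""

LINE = re.compile(r"postfix/(?:[\w-]+/)?(\w+)\[\d+\]: ([0-9A-Za-z]{6,}): (.*)$")
CLIENT = re.compile(r"client=\S+?\[([0-9a-fA-F.:]+)\]")
ADDR = re.compile(r"(from|to)=<([^>]*)>")

def self_addressed_unauthenticated(log_text, mynetworks=("127.0.0.0/8",)):
    """Return [(queue_id, client_ip, address)] for mail received over SMTP from
    outside mynetworks, without SASL auth, whose sender is also a recipient."""
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        rec = msgs.setdefault(qid, {"ip": None, "auth": False, "from": None, "to": set()})
        c = CLIENT.match(rest)
        if daemon == "smtpd" and c:          # smtpd logs client and SASL details
            rec["ip"] = ipaddress.ip_address(c.group(1))
            rec["auth"] = "sasl_username=" in rest
        a = ADDR.match(rest)                 # envelope addresses from qmgr/delivery
        if a and a.group(1) == "from":
            rec["from"] = a.group(2).lower()
        elif a:
            rec["to"].add(a.group(2).lower())
    hits = []
    for qid, r in msgs.items():
        # Skip local submissions, authenticated clients and trusted networks.
        if r["ip"] is None or r["auth"] or any(r["ip"] in n for n in nets):
            continue
        if r["from"] and r["from"] in r["to"]:
            hits.append((qid, str(r["ip"]), r["from"]))
    return hits
```

Hits that come from known forwarders or mailing lists are the cases the note above warns about; review them before turning on the REJECT.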

Re: avoid external emails that the from=< and the to=< are the same user

Francesc Peñalvez-2
On 16/11/2018 at 15:41, Wietse Venema wrote:

> Francesc Peñalvez:
>> Lately we have been receiving spam mails in which the mail from and the
>> to are apparently the same. How is it possible to avoid this? I have
>> configured Postfix to avoid relaying emails, and authentication is
>> required to send mail through my Postfix. These emails are sent externally
>> from several IPs and, looking at the logs, those emails are not authenticated.
> Postfix 3.0 and later:
>
> /etc/postfix/main.cf:
>      smtpd_sender_restrictions =
>          permit_mynetworks
>          permit_sasl_authenticated
>          check_sender_access inline:{
>              { example.com = REJECT local sender from unauthorized client }
>              { other.example = REJECT local sender from unauthorized client }
>          }
>
> Instead of example.com and other.example, specify your email domains.
>
> Note: this breaks email from remote mail forwarders or from remote
> distribution lists that don't reset the sender address.
>
> Wietse
Thank you. I had Debian jessie and I was unable to update Postfix with
TLS and SASL, so I had to update Debian to get Postfix 3.x, and your
solution worked correctly.
