forged e-mail address(es)


forged e-mail address(es)

Robert Cates

Hi,

I'm running Postfix 2.3.8 (Debian package) on a Debian Etch machine and since a week or two I started getting mail that looks like I sent it to myself.  Somebody's forged a couple of my mail addresses.  How can I best protect my mail address from getting stolen?  I'm also running Spamassassin 3.2.3, ClamAV 0.92.1 and Amavisd-new 2.4.2.

Here's a portion of my main.cf:

myhostname = mail.server.tld
alias_maps = hash:/etc/aliases
mydestination = $myhostname localhost.$mydomain localhost $mydomain www.$mydomain ftp.$mydomain
mynetworks = 192.168.1.0/24, 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
mydomain = server.tld
inet_interfaces = 192.168.1.17, 127.0.0.1
home_mailbox = Maildir/
mail_spool_directory = /var/spool/postfix
relay_domains = $mydestination
bounce_template_file = /etc/postfix/bounce.cf

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unverified_recipient, reject_unauth_destination

smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender

smtpd_helo_required = yes

smtpd_helo_restrictions = reject_invalid_hostname

smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_unknown_client_hostname

smtpd_data_restrictions = reject_unauth_pipelining

unverified_recipient_reject_code = 550

relayhost =

# SASL SUPPORT FOR CLIENTS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail clients.
#
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd

content_filter = smtp-amavis:[127.0.0.1]:10024

disable_dns_lookups = no

Any suggestions on how this can be stopped will be greatly appreciated!

Robert

 


RE: forged e-mail address(es)

MacShane, Tracy
 
        From: [hidden email]
[mailto:[hidden email]] On Behalf Of Robert Cates
        Sent: Monday, 28 April 2008 5:23 AM
        To: [hidden email]
        Subject: forged e-mail address(es)
       
        Hi,

        i'm running Postfix 2.3.8 (Debian package) on a Debian Etch
machine and since a week or two I started getting mail that looks like I
sent it to myself.  Somebody's forged a couple of my mail addresses.
How can I best protect my mail address from getting stolen?  I'm also
running Spamassassin 3.2.3, ClamAV 0.92.1 and Amavisd-new 2.4.2.

____________________________


Don't send mail, don't have an MX record, don't post your email address
anywhere, don't let your contacts add your address to their
addressbooks, and don't have an email alias that is going to be
dictionary'd no matter what you do (i.e. [hidden email] is more
likely to be forged).

You could try enabling SPF/DKIM for your domain, but that's only going
to work for the <5% of mail hosts (or is it more these days?) that carry
out SPF/DKIM checking. At least that covers Hotmail/Gmail and suchlike.

Forged email addresses are just a fact of life with SMTP these days.
Unfortunately.
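Added example, not part of Tracy's reply or of the thread: what "enabling SPF for your domain" amounts to on both ends. The record is what the domain owner publishes as a TXT record in DNS; evaluate_spf is the check a receiving MTA runs against the connecting client's IP address, limited to the ip4/ip6/all mechanisms that need no DNS lookup (a, mx, include, exists, ptr and redirect= are reported as unsupported rather than guessed); receiver_verdict makes Tracy's caveat explicit: a receiver that does not check SPF never consults the record, so the forged message is accepted anyway. The record, the MTA addresses 192.0.2.25 and 2001:db8::25 and the client address 198.51.100.23 are constructed for the example.

```python
import ipaddress

# Record the domain owner would publish at the domain apex. Constructed for
# the example: one IPv4 and one IPv6 outbound MTA, everything else fails.
SPF_RECORD = "v=spf1 ip4:192.0.2.25 ip6:2001:db8::25 -all"

# Qualifier prefix -> SPF result (RFC 7208); no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, client_ip: str) -> str:
    """Evaluate an SPF record against the IP address of the connecting client.

    Only the mechanisms that need no DNS query are implemented (ip4, ip6,
    all).  A record that relies on a, mx, include, exists, ptr or redirect=
    yields "unsupported" here instead of a guessed answer.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        mechanism = mechanism.lower()
        if mechanism == "all":
            return QUALIFIERS[qualifier]   # "all" always matches
        if mechanism in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(argument, strict=False)
            except ValueError:
                return "permerror"         # malformed address or prefix
            if network.version == ip.version and ip in network:
                return QUALIFIERS[qualifier]
            continue                       # no match, try the next term
        return "unsupported"               # mechanism would need a DNS lookup
    return "neutral"                       # nothing matched and no "all" term


def receiver_verdict(record: str, client_ip: str, checks_spf: bool) -> str:
    """What a receiving MTA does with a message whose MAIL FROM is in our domain.

    Tracy's point in code: a receiver that does not check SPF never looks at
    the record, so the forged message is accepted regardless of what we publish.
    """
    if not checks_spf:
        return "accept"
    return "reject" if evaluate_spf(record, client_ip) == "fail" else "accept"


if __name__ == "__main__":
    # The scenario from the thread: a stranger at 198.51.100.23 sends mail
    # claiming one of our addresses as envelope sender (constructed address).
    for checks in (True, False):
        print("receiver checks SPF:", checks,
              "->", receiver_verdict(SPF_RECORD, "198.51.100.23", checks))
```

A softfail ("~all") is the usual choice while you are still discovering which hosts legitimately send with your domain; only switch to "-all" once the forwarding and external-service cases are known, since a checking receiver will start rejecting on "fail".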


Re: forged e-mail address(es)

mouss-2
In reply to this post by Robert Cates
Robert Cates wrote:

> Hi,
>
>  
>
> i'm running Postfix 2.3.8 (Debian package) on a Debian Etch machine and
> since a week or two I started getting mail that looks like I sent it to
> myself.  Somebody's forged a couple of my mail addresses.  How can I best
> protect my mail address from getting stolen?  I'm also running Spamassassin
> 3.2.3, ClamAV 0.92.1 and Amavisd-new 2.4.2.
> [snip]
>  

you can reject mail coming from outside if the envelope sender is in
your domain, but you must understand the consequences.

smtpd_sender_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_sender_access hash:/etc/postfix/sender_access


== sender_access:
example.com      REJECT
#[hidden email]   REJECT

among the consequences:
- some services use your own address to send you mail. the check above
will reject their mail.
- the check above may break forwarding. whether this is a problem or not
depends on your users...
- if you have external systems sending you mail with your domain
(legitimately), the check above will reject such mail



if you showed your logs, we could give you more effective alternatives.  
for example, you could use
    reject_rbl_client zen.spamhaus.org

Also, next time show output of 'postconf -n' instead of main.cf.
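Added example (mine, not code from mouss or from the thread): the same envelope-sender rule that mouss's sender_access table expresses, written as a Postfix SMTPD policy daemon so that the exceptions he lists (trusted networks, authenticated users, named external systems that legitimately send with your domain, and bounces from the null sender) are spelled out rather than implied by restriction order. The wire format is the one documented in Postfix's SMTPD_POLICY_README: one name=value attribute per line, an empty line ends the request, and the server answers "action=..." followed by an empty line; check_policy_service is available from Postfix 2.1 on. The domain example.com is the one from mouss's table; the networks, the allow-listed address 203.0.113.10, the port 10040 and the sample requests are constructed for the example.

```python
import ipaddress
import socketserver

# Wiring in main.cf (port number is an assumption for this example):
#   smtpd_sender_restrictions =
#       permit_mynetworks
#       permit_sasl_authenticated
#       check_policy_service inet:127.0.0.1:10040

# Assumed site settings. "example.com" is the domain mouss used in his
# sender_access table; substitute your own $mydomain.
MY_DOMAINS = {"example.com"}
MY_NETWORKS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "127.0.0.0/8")]
# Outside hosts allowed to use our domain as envelope sender, e.g. a hosted
# web shop that mails order confirmations "from" us (constructed address).
EXTERNAL_SENDERS_ALLOWED = {ipaddress.ip_address("203.0.113.10")}


def parse_request(raw: str) -> dict:
    """Parse one policy request: 'name=value' lines up to the first empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def sender_domain(sender: str) -> str:
    """Lower-cased domain of an envelope sender; '' for the null sender <> used by bounces."""
    return sender.rpartition("@")[2].lower()


def decide(attrs: dict) -> str:
    """Postfix action for one request.

    The order mirrors mouss's restriction list: permit_mynetworks,
    permit_sasl_authenticated, then the sender-domain check.  DUNNO means
    "no opinion, continue with the next restriction", so mail not claiming
    our domain is left to the rest of smtpd_sender_restrictions.
    """
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    domain = sender_domain(attrs.get("sender", ""))
    if domain not in MY_DOMAINS:      # also covers the null sender, so bounces still arrive
        return "DUNNO"
    try:
        client = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return "DUNNO"
    if any(client in net for net in MY_NETWORKS):
        return "DUNNO"                # permit_mynetworks
    if attrs.get("sasl_username"):
        return "DUNNO"                # permit_sasl_authenticated
    if client in EXTERNAL_SENDERS_ALLOWED:
        return "DUNNO"                # the legitimate external systems mouss warns about
    return f"REJECT {domain} senders must submit mail through our own servers"


class PolicyHandler(socketserver.StreamRequestHandler):
    """One Postfix connection; Postfix may send several requests on it."""

    def handle(self):
        pending = []
        while True:
            line = self.rfile.readline()
            if not line:
                return                # Postfix closed the connection
            line = line.decode("ascii", "replace").rstrip("\r\n")
            if line:
                pending.append(line)
                continue
            action = decide(parse_request("\n".join(pending) + "\n"))
            pending = []
            self.wfile.write(f"action={action}\n\n".encode("ascii"))
            self.wfile.flush()


# Constructed requests in the wire format Postfix sends at RCPT time.
SAMPLE_REQUESTS = {
    "outside_forgery": "request=smtpd_access_policy\nprotocol_state=RCPT\n"
                       "client_address=198.51.100.23\nclient_name=unknown\n"
                       "helo_name=mail.server.tld\nsender=robert@example.com\n"
                       "recipient=robert@example.com\n\n",
    "lan_client": "request=smtpd_access_policy\nclient_address=192.168.1.50\n"
                  "sender=robert@example.com\nrecipient=robert@example.com\n\n",
    "roaming_sasl": "request=smtpd_access_policy\nclient_address=198.51.100.23\n"
                    "sasl_username=robert\nsender=robert@example.com\n"
                    "recipient=robert@example.com\n\n",
    "bounce": "request=smtpd_access_policy\nclient_address=198.51.100.23\n"
              "sender=\nrecipient=robert@example.com\n\n",
    "other_domain": "request=smtpd_access_policy\nclient_address=198.51.100.23\n"
                    "sender=alice@example.org\nrecipient=robert@example.com\n\n",
}


def check_samples() -> dict:
    """Action the daemon returns for each sample request."""
    return {name: decide(parse_request(raw)) for name, raw in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, action in check_samples().items():
        print(f"{name:16} {action}")
    socketserver.ThreadingTCPServer(("127.0.0.1", 10040), PolicyHandler).serve_forever()
```

The forwarding case mouss mentions is the one this cannot distinguish: a forwarded message keeps its original envelope sender, so a forwarder outside mynetworks relaying mail that started in your domain is rejected exactly like a forgery; the only fix is to add the forwarder's address to the allow list.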



Re: forged e-mail address(es)

Jonathan Dill
In reply to this post by Robert Cates

On Apr 27, 2008, at 3:22 PM, Robert Cates wrote:

> Hi,
>
> I'm running Postfix 2.3.8 (Debian package) on a Debian Etch machine and since a week or two I started getting mail that looks like I sent it to myself.  Somebody's forged a couple of my mail addresses.  How can I best protect my mail address from getting stolen?  I'm also running Spamassassin 3.2.3, ClamAV 0.92.1 and Amavisd-new 2.4.2.

They don't have to steal your address, "robert" is probably common in many spammer dictionaries.
