I’m running Postfix 2.3.8 (Debian package) on a Debian Etch machine and since a week or two I started getting mail that looks like I sent it to myself. Somebody’s forged a couple of my mail addresses. How can I best protect my mail address from getting stolen? I’m also running Spamassassin 3.2.3, ClamAV 0.92.1 and Amavisd-new 2.4.2.
Here’s a portion of my main.cf:
myhostname = mail.server.tld
alias_maps = hash:/etc/aliases
mydestination = $myhostname localhost.$mydomain localhost $mydomain www.$mydomain ftp.$mydomain
mynetworks = 192.168.1.0/24, 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
mydomain = server.tld
inet_interfaces = 192.168.1.17, 127.0.0.1
home_mailbox = Maildir/
mail_spool_directory = /var/spool/postfix
relay_domains = $mydestination
bounce_template_file = /etc/postfix/bounce.cf
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unverified_recipient, reject_unauth_dest
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_unknown_client_ho
smtpd_data_restrictions = reject_unauth_pipelining
unverified_recipient_reject_code = 550
# SASL SUPPORT FOR CLIENTS
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail clients.
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd
content_filter = smtp-amavis:[127.0.0.1]:10024
disable_dns_lookups = no
Any suggestions on how this can be stopped will be greatly appreciated!
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Robert Cates
Sent: Monday, 28 April 2008 5:23 AM
To: [hidden email]
Subject: forged e-mail address(es)
i'm running Postfix 2.3.8 (Debian package) on a Debian Etch
machine and since a week or two I started getting mail that looks like I
sent it to myself. Somebody's forged a couple of my mail addresses.
How can I best protect my mail address from getting stolen? I'm also
running Spamassassin 3.2.3, ClamAV 0.92.1 and Amavisd-new 2.4.2.
Don't send mail, don't have an MX record, don't post your email address
anywhere, don't let your contacts add your address to their
addressbooks, and don't have an email alias that is going to be
dictionary'd no matter what you do (i.e. [hidden email] is more
likely to be forged).
You could try enabling SPF/DKIM for your domain, but that's only going
to work for the <5% of mail hosts (or is it more these days?) that carry
out SPF/DKIM checking. At least that covers Hotmail/Gmail and suchlike.
Forged email addresses are just a fact of life with SMTP these days.
Robert Cates wrote:
> i'm running Postfix 2.3.8 (Debian package) on a Debian Etch machine and
> since a week or two I started getting mail that looks like I sent it to
> myself. Somebody's forged a couple of my mail addresses. How can I best
> protect my mail address from getting stolen? I'm also running Spamassassin
> 3.2.3, ClamAV 0.92.1 and Amavisd-new 2.4.2.
you can reject mail coming from outside if the envelope sender is in
your domain, but you must understand the consequences.
#[hidden email] REJECT
among the consequences:
- some services use your own address to send you mail. the check above
will reject their mail.
- the check above may break forwarding. whether this is a problem or not
depends on your users...
- if you have external systems sending you mail with your domain
(legitimately), the check above will reject such mail
if you showed your logs, we could give you more effective alternatives.
for example, you could use
Also, next time show output of 'postconf -n' instead of main.cf.
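One way to wire up the check described in the reply above, shown as an added example that is not part of the original thread. The map file name /etc/postfix/sender_access is an assumption; server.tld is the domain from the posted main.cf.

```conf
# --- /etc/postfix/main.cf ---------------------------------------------
# Order matters: Postfix evaluates the list left to right and stops at
# the first match. Trusted clients (mynetworks) and SASL-authenticated
# users are permitted BEFORE the access map is consulted, so only
# unauthenticated outside clients can hit the REJECT below.
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain

# Trial run: prefix the check with warn_if_reject so that Postfix only
# logs "reject_warning" and still accepts the mail. Use this first to
# find the legitimate senders listed among the consequences (services
# mailing you with your own address, forwarders, external systems
# using your domain) before enforcing the rule.
#
#   warn_if_reject check_sender_access hash:/etc/postfix/sender_access,

# --- /etc/postfix/sender_access (assumed file name) -------------------
# Left-hand side: envelope sender domain. Right-hand side: action.
# This matches the MAIL FROM address only, not the From: header.
server.tld    REJECT Sender address in local domain requires authentication

# --- after every edit of the map --------------------------------------
#   postmap /etc/postfix/sender_access
#   postfix reload
```

The map is matched against the envelope sender, so a message that forges only the From: header while using a different MAIL FROM address still passes this check.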
On Apr 27, 2008, at 3:22 PM, Robert Cates wrote:
They don't have to steal your address, "robert" is probably common in many spammer dictionaries.