Sep 042009
 

i’ve just found that some clever user spoofing their sender email address. They’re relaying email from my office webmail i’ve been maintained for years. so here’s the solution to evade naughty user from sending their bulk email.

I’m using postfix, so in main.cf i added restriction class like this

smtpd_restriction_classes = has_our_domain_as_sender
has_our_domain_as_sender = check_sender_access hash:/etc/postfix/mydomains, reject 

in mydomains file

domain.com OK
domain.org OK

Don’t forget to postmap

# postmap mydomains

Now, in smtpd_recipient_restrictions section add this

smtpd_recipient_restrictions =
  check_client_access hash:/etc/postfix/internal_networks,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  reject_unlisted_recipient,
  ....... 

in internal_networks file

127.0.0.1          has_our_domain_as_sender
192.168.1          has_our_domain_as_sender
192.168.2          has_our_domain_as_sender

as usual don’t forget to postmap the file

# postmap internal_networks

Reload postfix

# postfix reload

In squirrelmail config.php file

$domain                 = 'domain.tld';
$imapServerAddress      = 'localhost';
$imapPort               = 143;
$useSendmail            = false;
$smtpServerAddress      = 'localhost';
$smtpPort               = 25; 

we’ve set $useSendmail to false, because if using sendmail email will directly injected to pickup and then cleanup, bypassing all smtpd_*_restrictions.

done

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.