[TriLUG] postfix security
skippy1 at hickorytech.net
Sat Dec 11 08:18:10 EST 2004
Even without seeing the headers, it's a pretty common thing for spammers to
send their spam through secondary mail servers. From the volume of this
that I've seen I assume that a fairly large percentage of the spam
software does this automatically.
The problem for the mail admin is of course that in a standard setup, the
secondary has no idea what accounts are on the primary and so blindly
accepts everything for the domain.
In sendmail it's possible to set up a mail filter that accepts the spam
connection and holds it open while it queries the primary to see if it's a
valid address. If it isn't, the secondary refuses the spam right then and
never queues it. The package I've used for that is milter-ahead from
www.milter.org. I don't know if a similar setup is possible with postfix.
Skippy
> Any chance you could post the headers of this email so that we could get
> a better idea of what happened?
>
> Jeff G.
>
> Michael Hrivnak wrote:
>> I have a question that relates directly to a spamming experience I
>> just had.
>>
>> I understand what an MX record is. I have set up multiple machines
>> that will relay for my domain in the event my primary mail server is
>> down. I did so by adding to those machines this in
>> /etc/postfix/main.cf
>>
>> relay_domains = $mydestination mydomaincom
>>
>> All machines involved run Mandrake 10.0 or 10.1. That tends to work,
>> but I found a problem. In theory, anyone on the internet can use
>> these backup servers to send email to my domain. Someone could spam
>> my domain all day and all night through those servers. In fact,
>> tonight I received a spam email that came through one of those
>> servers and even claimed to be from two accounts (which don't
>> actually exist) on that backup server (why would an email be from 2
>> accounts anyway?). What can I do to prevent this?
>>
>> Thanks a lot,
>>
>> Michael
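The call-ahead check described in the reply above, as an added example that is not part of the original thread and is not milter-ahead's code: before answering RCPT TO, the secondary probes the primary and relays its verdict. The addresses, host names, the `FakePrimary` stand-in server and the accept-when-unreachable policy are all assumptions made for the example.

```python
import smtplib, socketserver, threading

VALID = {"michael@example.org"}  # constructed: mailboxes that exist on the primary

class FakePrimary(socketserver.StreamRequestHandler):
    """Constructed stand-in for the primary MX, which knows the real mailboxes."""
    def handle(self):
        self.wfile.write(b"220 primary.example.org ESMTP\r\n")
        for raw in self.rfile:
            line = raw.decode().strip()
            if line.upper().startswith("QUIT"):
                self.wfile.write(b"221 Bye\r\n")
                return
            reply = "250 OK"  # HELO and MAIL FROM are always accepted
            if line.upper().startswith("RCPT TO:"):
                addr = line[8:].strip().strip("<>").lower()
                if addr not in VALID:
                    reply = "550 5.1.1 User unknown"
            self.wfile.write((reply + "\r\n").encode())

def call_ahead(rcpt, host, port):
    """Return the reply the secondary gives to RCPT TO after asking the primary."""
    try:
        with smtplib.SMTP(host, port, local_hostname="mx2.example.org", timeout=5) as s:
            s.helo()
            s.mail("")               # null sender: the probe can never bounce
            code, _ = s.rcpt(rcpt)   # the primary's verdict; no DATA is sent
    except (OSError, smtplib.SMTPException):
        # Policy assumed here: primary unreachable, so act as a plain backup MX.
        return "250 OK (primary unreachable, queued)"
    if 500 <= code < 600:
        return "550 5.1.1 User unknown"       # refuse now, nothing is queued
    if 400 <= code < 500:
        return "450 4.2.0 Try again later"    # primary deferred, so defer too
    return "250 OK"

def demo():
    """Run both constructed recipients through the probe against FakePrimary."""
    with socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakePrimary) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        host, port = srv.server_address
        try:
            return {r: call_ahead(r, host, port)
                    for r in ("michael@example.org", "nosuchuser@example.org")}
        finally:
            srv.shutdown()

if __name__ == "__main__":
    for rcpt, reply in demo().items():
        print(rcpt, "->", reply)
```

Postfix's address verification restriction, `reject_unverified_recipient`, performs a comparable probe of the next hop before accepting a recipient.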