[TriLUG] postfix security
Jeff Groves
jgroves at krenim.org
Sat Dec 11 12:26:01 EST 2004
Skippy:
Thanks for your explanation of milter-ahead! I had never quite gotten my head around that
particular milter until I read your email.
Jeff G.
skippy1 at hickorytech.net wrote:
> Even without seeing the headers, it's a pretty common thing for spammers to
> send their spam through secondary mail servers. From the volume of this
> that I've seen I assume that a fairly large percentage of the spam
> software does this automatically.
>
> The problem for the mail admin is of course that in a standard setup, the
> secondary has no idea what accounts are on the primary and so blindly
> accepts everything for the domain.
>
> In sendmail it's possible to set up a mail filter that accepts the spam
> connection and holds it open while it queries the primary to see if it's a
> valid address. If it isn't, the secondary refuses the spam right then and
> never queues it. The package I've used for that is milter-ahead from
> www.milter.org. I don't know if a similar setup is possible with postfix.
>
>
> Skippy
>
>
>>Any chance you could post the headers of this email so that we could get
>>a better idea of what happened?
>>
>>Jeff G.
>>
>>Michael Hrivnak wrote:
>>
>>>I have a question that relates directly to a spamming experience I
>>>just had.
>>>
>>>I understand what an MX record is. I have set up multiple machines
>>>that will relay for my domain in the event my primary mail server is
>>>down. I did so by adding to those machines this in
>>>/etc/postfix/main.cf
>>>
>>>relay_domains = $mydestination mydomaincom
>>>
>>>All machines involved run Mandrake 10.0 or 10.1. That tends to work,
>>>but I found a problem. In theory, anyone on the internet can use
>>>these backup servers to send email to my domain. Someone could spam
>>>my domain all day and all night through those servers. In fact,
>>>tonight I received a spam email that came through one of those
>>>servers and even claimed to be from two accounts (which don't
>>>actually exist) on that backup server (why would an email be from 2
>>>accounts anyway?). What can I do to prevent this?
>>>
>>>Thanks a lot,
>>>
>>>Michael
>>
>
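Added example, not part of the original thread and not any poster's configuration: two ways a Postfix backup MX can refuse unknown recipients at RCPT time instead of queueing them, which is the effect described above for milter-ahead on sendmail. Assumptions: example.com stands in for the real domain, the file paths and sample addresses are placeholders, and reject_unverified_recipient needs Postfix 2.1 or later.

```ini
# /etc/postfix/main.cf on the backup MX (added example; example.com is a placeholder)

# Setting from the thread: every address in the domain is accepted and queued,
# whether or not the mailbox exists on the primary.
relay_domains = $mydestination example.com

# Option 1: static list of valid recipients, exported from the primary.
# With this set, smtpd rejects any relay-domain recipient not in the table.
relay_recipient_maps = hash:/etc/postfix/relay_recipients
# Contents of /etc/postfix/relay_recipients (constructed sample addresses);
# run "postmap /etc/postfix/relay_recipients" after every change:
#   alice@example.com   OK
#   bob@example.com     OK

# Option 2: call-ahead. Postfix probes the next hop (the primary) with a
# RCPT TO for each new address and caches the answer. Use this instead of
# Option 1 when the recipient list cannot be copied to the backup.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient
# Turn a negative probe result into a hard bounce (the default is a 450 deferral).
unverified_recipient_reject_code = 550
# Persistent cache, so known-good addresses still pass after a restart.
address_verify_map = btree:/var/lib/postfix/verify
```

With Option 2, an address that has never been probed gets a temporary 450 while the primary is unreachable, so senders retry later; Option 1 keeps working with the primary down but goes stale if the list is not resynchronised.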