Prevent Spam from valid sender/recipient

From QmailToaster
Latest revision as of 10:08, 30 March 2024

How to prevent spam from a spoofed local account.

Example SMTP Log:

08-27 05:54:35 CHKUSER accepted sender: from <valid.email@account.no::> remote <[113.22.203.172]:unknown:113.22.203.172> rcpt <> : sender accepted
08-27 05:54:35 CHKUSER accepted rcpt: from <valid.email@account.no::> remote <[113.22.203.172]:unknown:113.22.203.172> rcpt <valid.email@account.no> : found existing recipient
08-27 05:54:35 policy_check: local valid.email@account.no -> local valid.email@account.no (UNAUTHENTICATED SENDER)
08-27 05:54:35 policy_check: policy allows transmission
08-27 05:54:35 spamdyke[28493]: ALLOWED from: valid.email@account.no to: valid.email@account.no origin_ip: 113.22.203.172 origin_rdns: (unknown) auth: (unknown) encryption: (none)
08-27 05:54:39 simscan:[28494]:CLEAN (7.90/12.00):3.1911s:***SPAM*** Hi recipient, be our guest. 70% off for you.. on is the:113.22.203.172:valid.email@account.no:valid.email@account.no 
  • Use spamdyke and blacklist your own local domain(s) as senders. This is counterintuitive, but works great. In the
    /etc/spamdyke/blacklist_senders
    file, add:
    @mydomain.com
  • All of your domains' submissions must be authenticated for this to work, because unauthenticated mail claiming one of your domains as sender will be rejected. If you have some web apps (for instance) that submit without authenticating (you have them approved for relay in tcp.smtp), then you can't use this method. My suggestion in this case is to modify the web app to authenticate.
  • Webmail should be configured to authenticate, in which case you don't need the 127.: line in tcp.smtp. This is a trivial change in
    /etc/squirrelmail/local_config.php:
$smtpServerAddress = 'localhost';
$smtpPort = 587;
$smtp_auth_mech = 'login';

(reference email list archive)