Prevent Spam from valid sender/recipient

From QmailToaster
Revision as of 10:41, 16 March 2024 by Ebroch

How to prevent spam from a spoofed local account.

Example SMTP Log:

08-27 05:54:35 CHKUSER accepted sender: from <valid.email@account.no::> remote <[113.22.203.172]:unknown:113.22.203.172> rcpt <> : sender accepted
08-27 05:54:35 CHKUSER accepted rcpt: from <valid.email@account.no::> remote <[113.22.203.172]:unknown:113.22.203.172> rcpt <valid.email@account.no> : found existing recipient
08-27 05:54:35 policy_check: local valid.email@account.no -> local valid.email@account.no (UNAUTHENTICATED SENDER)
08-27 05:54:35 policy_check: policy allows transmission
08-27 05:54:35 spamdyke[28493]: ALLOWED from: valid.email@account.no to: valid.email@account.no origin_ip: 113.22.203.172 origin_rdns: (unknown) auth: (unknown) encryption: (none)
08-27 05:54:39 simscan:[28494]:CLEAN (7.90/12.00):3.1911s:***SPAM*** Hi recipient, be our guest. 70% off for you.. on is the:113.22.203.172:valid.email@account.no:valid.email@account.no 
  • Use spamdyke, and blacklist your local domain(s). This is counter-intuitive, but works great. In the
    /etc/spamdyke/blacklist_senders
    file, add:
    @mydomain.com
  • All of your domains' submissions must be authenticated for this to work. If you have some web apps (for instance) that submit without authenticating (i.e. you have them approved for relay in tcp.smtp), then you can't use this method. My suggestion in this case is to modify the web app to authenticate.
  • Webmail should be configured to authenticate, in which case you don't need the 127.: line in tcp.smtp. This is a trivial change in
    /etc/squirrelmail/local_config.php:
    $smtpServerAddress = 'localhost';
    $smtpPort = 587;
    $smtp_auth_mech = 'login';
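
The check spamdyke performs once the local domain is blacklisted can also be run after the fact over the spamdyke log, to see how much of this spoofed traffic was being accepted before the change. The script below is an added example, not part of the wiki page or of spamdyke; it parses the `spamdyke[pid]: ALLOWED from: ... auth: ...` line format shown in the excerpt above and flags ALLOWED deliveries whose sender claims a local domain while the session was unauthenticated. It assumes that spamdyke logs `auth: (unknown)` for unauthenticated sessions (as in the excerpt); `LOCAL_DOMAINS` and the second and third sample lines are constructed here.

```python
import re
from typing import Iterable

# Local domains whose addresses should only appear as sender after SMTP AUTH
# (constructed example value, taken from the domain in the log excerpt above).
LOCAL_DOMAINS = {"account.no"}

# Matches the spamdyke result line in the format shown in the log excerpt above.
SPAMDYKE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<verdict>\S+) from: (?P<sender>\S+) to: (?P<rcpt>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) auth: (?P<auth>\S+)"
)

# Constructed sample: line 1 is the page's own ALLOWED line; lines 2 and 3 are
# made up here (an authenticated local user, and an external sender).
SAMPLE_LOG = """\
08-27 05:54:35 spamdyke[28493]: ALLOWED from: valid.email@account.no to: valid.email@account.no origin_ip: 113.22.203.172 origin_rdns: (unknown) auth: (unknown) encryption: (none)
08-27 06:10:02 spamdyke[28510]: ALLOWED from: valid.email@account.no to: friend@example.org origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: valid.email@account.no encryption: TLS
08-27 06:12:44 spamdyke[28522]: ALLOWED from: newsletter@example.com to: valid.email@account.no origin_ip: 203.0.113.9 origin_rdns: mail.example.com auth: (unknown) encryption: (none)
"""

def sender_domain(address: str) -> str:
    """Return the lower-cased domain part of an address ('' if it has none)."""
    _, sep, domain = address.rpartition("@")
    return domain.lower() if sep else ""

def find_spoofed_local_senders(lines: Iterable[str], local_domains: set[str]) -> list[dict]:
    """Return ALLOWED deliveries whose sender claims a local domain without SMTP AUTH.

    Assumption: spamdyke writes 'auth: (unknown)' when the session did not
    authenticate; any other value is treated as an authenticated user.
    """
    hits = []
    for line in lines:
        m = SPAMDYKE_RE.search(line)
        if not m or m["verdict"] != "ALLOWED" or m["auth"] != "(unknown)":
            continue
        if sender_domain(m["sender"]) in local_domains:
            hits.append({"ip": m["ip"], "sender": m["sender"], "rcpt": m["rcpt"]})
    return hits

def blacklist_entries(local_domains: set[str]) -> list[str]:
    """Lines to add to /etc/spamdyke/blacklist_senders, in the '@domain' form used above."""
    return sorted(f"@{d}" for d in local_domains)

if __name__ == "__main__":
    for hit in find_spoofed_local_senders(SAMPLE_LOG.splitlines(), LOCAL_DOMAINS):
        print(f"unauthenticated local sender {hit['sender']} from {hit['ip']} -> {hit['rcpt']}")
    print("blacklist_senders entries:", blacklist_entries(LOCAL_DOMAINS))
```

Only the first sample line is reported: the second is authenticated and the third uses a non-local sender address, which the blacklist entry does not affect.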

(reference email list archive)