Prevent Spam from valid sender/recipient

From QmailToaster
Revision as of 10:41, 16 March 2024 by Ebroch (talk | contribs)

How to prevent spam from a spoofed local account.

Example SMTP Log:

08-27 05:54:35 CHKUSER accepted sender: from <valid.email@account.no::> remote <[113.22.203.172]:unknown:113.22.203.172> rcpt <> : sender accepted
08-27 05:54:35 CHKUSER accepted rcpt: from <valid.email@account.no::> remote <[113.22.203.172]:unknown:113.22.203.172> rcpt <valid.email@account.no> : found existing recipient
08-27 05:54:35 policy_check: local valid.email@account.no -> local valid.email@account.no (UNAUTHENTICATED SENDER)
08-27 05:54:35 policy_check: policy allows transmission
08-27 05:54:35 spamdyke[28493]: ALLOWED from: valid.email@account.no to: valid.email@account.no origin_ip: 113.22.203.172 origin_rdns: (unknown) auth: (unknown) encryption: (none)
08-27 05:54:39 simscan:[28494]:CLEAN (7.90/12.00):3.1911s:***SPAM*** Hi recipient, be our guest. 70% off for you.. on is the:113.22.203.172:valid.email@account.no:valid.email@account.no

Reading the log: CHKUSER accepted the envelope because the recipient exists, policy_check shows the session was not authenticated (UNAUTHENTICATED SENDER) but the sender/recipient policy still allows local-to-local transmission, spamdyke had no rule to deny the connection (no rDNS, no AUTH, no encryption, yet ALLOWED), and simscan passed the message as CLEAN because its score of 7.90 was below the 12.00 rejection threshold, even though SpamAssassin had already tagged the subject with ***SPAM***. The net effect is spam delivered to a local mailbox with the victim's own address as the envelope sender.
  • Use spamdyke and blacklist your own local domain(s). This is counterintuitive, but it works well: spamdyke skips its filters for a session once it has authenticated, so the blacklist entry only hits unauthenticated senders claiming to be one of your users, which is exactly the spoofing case above. In the
    /etc/spamdyke/blacklist_senders
    file (the file named by sender-blacklist-file in spamdyke.conf), add one line per local domain:
    @mydomain.com
  • All of your domains' submissions must be authenticated for this to work. If you have web apps (for instance) that submit without authenticating because they are approved for relay in tcp.smtp, you can't use this method: those submissions are unauthenticated local senders too, and the blacklist entry would reject them along with the spoofed ones. The suggested fix in that case is to modify the web app to authenticate with SMTP AUTH.
  • Webmail should be configured to authenticate as well, in which case you don't need the 127.: line in tcp.smtp (be aware that removing it also takes relay rights away from anything else on the box that submits over SMTP to 127.0.0.1 without authenticating). For SquirrelMail this is a trivial change in
    /etc/squirrelmail/local_config.php:
$smtpServerAddress = 'localhost';   // submit to the local qmail-smtpd
$smtpPort = 587;                    // submission port instead of 25
$smtp_auth_mech = 'login';          // SMTP AUTH LOGIN with the user's own credentials
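Before adding the blacklist entry it is worth scanning the existing spamdyke log for the two cases the bullets above care about: unauthenticated local senders from outside (what the blacklist will stop) and unauthenticated local senders that currently relay through a tcp.smtp RELAYCLIENT prefix (what will break unless it is switched to SMTP AUTH first). The script below is an added example written for this page, not QmailToaster or spamdyke code. The spamdyke lines and the tcp.smtp excerpt are constructed to match the log format shown above; the DENIED_SENDER_BLACKLISTED reason string and the convention that spamdyke logs the username in the auth: field for authenticated sessions are assumptions, and tcprules range syntax (e.g. 10.0.0.4-8) is deliberately not handled.

```python
import re

# Constructed sample spamdyke lines modelled on the log excerpt above; not a real
# capture. DENIED_SENDER_BLACKLISTED is an assumed reason string for a
# blacklist_senders hit, and the auth: field is assumed to carry the username
# when the session authenticated.
SAMPLE_LOG = """\
08-27 05:54:35 spamdyke[28493]: ALLOWED from: valid.email@account.no to: valid.email@account.no origin_ip: 113.22.203.172 origin_rdns: (unknown) auth: (unknown) encryption: (none)
08-27 06:10:02 spamdyke[28510]: ALLOWED from: valid.email@account.no to: someone@example.org origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: valid.email@account.no encryption: TLS
08-27 06:12:44 spamdyke[28522]: ALLOWED from: newsletter@example.com to: valid.email@account.no origin_ip: 203.0.113.9 origin_rdns: mail.example.com auth: (unknown) encryption: (none)
08-27 06:15:01 spamdyke[28530]: DENIED_SENDER_BLACKLISTED from: valid.email@account.no to: valid.email@account.no origin_ip: 113.22.203.172 origin_rdns: (unknown) auth: (unknown) encryption: (none)
08-27 06:20:19 spamdyke[28541]: ALLOWED from: webapp@account.no to: valid.email@account.no origin_ip: 127.0.0.1 origin_rdns: localhost auth: (unknown) encryption: (none)
"""

# Constructed (hypothetical) tcp.smtp excerpt: the 127. and 192.168.1. prefixes
# get RELAYCLIENT without SMTP AUTH, the bare ":allow" default does not.
SAMPLE_TCP_SMTP = """\
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
:allow
"""

LOCAL_DOMAINS = {"account.no"}  # assumed local domain, taken from the log above

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) spamdyke\[(?P<pid>\d+)\]: (?P<verdict>\S+) "
    r"from: (?P<sender>\S+) to: (?P<rcpt>\S+) origin_ip: (?P<ip>\S+) "
    r"origin_rdns: (?P<rdns>\S+) auth: (?P<auth>\S+) encryption: (?P<enc>\S+)$"
)


def parse_spamdyke_line(line):
    """Return the fields of a spamdyke verdict line, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def relay_prefixes(tcp_smtp_text):
    """Dotted address prefixes that tcp.smtp grants RELAYCLIENT to (relay without AUTH)."""
    prefixes = []
    for raw in tcp_smtp_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, rule = line.partition(":")
        env = rule.split(",")[1:]  # everything after allow/deny is VAR="value" pairs
        if addr and any(e.startswith("RELAYCLIENT=") for e in env):
            prefixes.append(addr)
    return prefixes


def classify(log_text, local_domains, prefixes):
    """Bucket unauthenticated local-domain senders by where they came from.

    spoofed      - not from a RELAYCLIENT prefix: what '@domain' in blacklist_senders stops
    unauth_relay - from a RELAYCLIENT prefix: a web app or script that must be moved to
                   SMTP AUTH before the blacklist entry goes in, or it will be rejected too
    """
    spoofed, unauth_relay = [], []
    for line in log_text.splitlines():
        rec = parse_spamdyke_line(line)
        if rec is None:
            continue
        domain = rec["sender"].rpartition("@")[2].lower()
        if domain not in local_domains or rec["auth"] != "(unknown)":
            continue  # foreign sender domain, or authenticated: blacklist does not apply
        # tcprules-style prefix match on the address string ("127." matches 127.0.0.1)
        if any(rec["ip"].startswith(p) for p in prefixes):
            unauth_relay.append(rec)
        else:
            spoofed.append(rec)
    return {"spoofed": spoofed, "unauth_relay": unauth_relay}


def blacklist_senders_lines(local_domains):
    """Lines to put in /etc/spamdyke/blacklist_senders, one '@domain' per local domain."""
    return sorted("@" + d.lower() for d in local_domains)


def report(log_text=SAMPLE_LOG, tcp_smtp_text=SAMPLE_TCP_SMTP, local_domains=LOCAL_DOMAINS):
    """Run the classification on a log and a tcp.smtp file (defaults: the samples above)."""
    return classify(log_text, local_domains, relay_prefixes(tcp_smtp_text))


if __name__ == "__main__":
    result = report()
    for bucket, recs in result.items():
        print(bucket)
        for r in recs:
            print(f"  {r['ts']} {r['verdict']} {r['sender']} from {r['ip']}")
    print("blacklist_senders:", *blacklist_senders_lines(LOCAL_DOMAINS))
```

Run it against your real /var/log/maillog by passing its text to report() along with the contents of tcp.smtp and your own domains; anything in unauth_relay has to authenticate (or be fed through a sendmail-compatible injector instead of SMTP) before the @domain entry is added, and a non-empty spoofed bucket with ALLOWED verdicts is the evidence that the entry is still needed.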

(reference email list archive)