Prevent Spam from valid sender/recipient
How to prevent spam from a spoofed local account.
Example SMTP Log:
08-27 05:54:35 CHKUSER accepted sender: from <valid.email@account.no::> remote <[113.22.203.172]:unknown:113.22.203.172> rcpt <> : sender accepted
08-27 05:54:35 CHKUSER accepted rcpt: from <valid.email@account.no::> remote <[113.22.203.172]:unknown:113.22.203.172> rcpt <valid.email@account.no> : found existing recipient
08-27 05:54:35 policy_check: local valid.email@account.no -> local valid.email@account.no (UNAUTHENTICATED SENDER)
08-27 05:54:35 policy_check: policy allows transmission
08-27 05:54:35 spamdyke[28493]: ALLOWED from: valid.email@account.no to: valid.email@account.no origin_ip: 113.22.203.172 origin_rdns: (unknown) auth: (unknown) encryption: (none)
08-27 05:54:39 simscan:[28494]:CLEAN (7.90/12.00):3.1911s:***SPAM*** Hi recipient, be our guest. 70% off for you.. on is the:113.22.203.172:valid.email@account.no:valid.email@account.no
- Use spamdyke, and blacklist your local domain(s). This is counterintuitive, but works great. In the /etc/spamdyke/blacklist_senders file, add: @mydomain.com
- All of your domains' submissions must be authenticated for this to work. If you have some web apps (for instance) that submit without authenticating (you have them approved for relay in tcp.smtp), then you can't use this method. My suggestion in this case is to modify the web app to authenticate.
- Webmail should be configured to authenticate, in which case you don't need the 127.: line in tcp.smtp. This is a trivial change in /etc/squirrelmail/local_config.php:
  - $smtpServerAddress = 'localhost';
  - $smtpPort = 587;
  - $smtp_auth_mech = 'login';
(reference email list archive)
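
An added example (not from the original page or the spamdyke project): before putting your domain in blacklist_senders, this Python script lists which messages spamdyke currently allows with a local-domain sender and no authentication, grouped by origin IP, so spoofed mail can be told apart from web apps that still have to be switched to authenticated submission. It assumes the spamdyke line layout shown in the log above; the function name and every sample line except the first are constructed.

```python
import re
from collections import Counter

# Field layout of the spamdyke summary line in the SMTP log shown above.
SPAMDYKE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<verdict>\S+) from: (?P<sender>\S+) to: (?P<rcpt>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) auth: (?P<auth>\S+)"
)

def unauthenticated_local_senders(lines, local_domains):
    """Count ALLOWED messages whose envelope sender is in a local domain
    but whose session did not authenticate, keyed by (sender, origin_ip)."""
    # Accept domains written as in blacklist_senders ("@mydomain.com") or bare.
    local = {d.lower().lstrip("@") for d in local_domains}
    hits = Counter()
    for line in lines:
        m = SPAMDYKE_RE.search(line)
        if m is None or m["verdict"] != "ALLOWED":
            continue
        domain = m["sender"].rpartition("@")[2].lower()
        # Assumption: "auth: (unknown)" marks a session without SMTP AUTH,
        # matching the UNAUTHENTICATED SENDER policy_check line in the log.
        if domain in local and m["auth"] == "(unknown)":
            hits[(m["sender"].lower(), m["ip"])] += 1
    return hits

# Constructed sample: the first entry is the spamdyke line from the log above;
# the rest are made-up lines in the same layout (a web app relaying via
# 127.0.0.1, an authenticated user, inbound mail, and a rejected connection).
SAMPLE_LOG = [
    "08-27 05:54:35 spamdyke[28493]: ALLOWED from: valid.email@account.no to: valid.email@account.no origin_ip: 113.22.203.172 origin_rdns: (unknown) auth: (unknown) encryption: (none)",
    "08-27 06:01:02 spamdyke[28510]: ALLOWED from: webapp@account.no to: customer@example.org origin_ip: 127.0.0.1 origin_rdns: localhost auth: (unknown) encryption: (none)",
    "08-27 06:03:10 spamdyke[28522]: ALLOWED from: webapp@account.no to: other@example.org origin_ip: 127.0.0.1 origin_rdns: localhost auth: (unknown) encryption: (none)",
    "08-27 06:05:44 spamdyke[28530]: ALLOWED from: valid.email@account.no to: friend@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: valid.email@account.no encryption: (none)",
    "08-27 06:07:19 spamdyke[28541]: ALLOWED from: friend@example.org to: valid.email@account.no origin_ip: 198.51.100.7 origin_rdns: mail.example.org auth: (unknown) encryption: (none)",
    "08-27 06:09:51 spamdyke[28555]: DENIED_RDNS_MISSING from: valid.email@account.no to: valid.email@account.no origin_ip: 203.0.113.5 origin_rdns: (unknown) auth: (unknown) encryption: (none)",
]

if __name__ == "__main__":
    report = unauthenticated_local_senders(SAMPLE_LOG, ["@account.no"])
    for (sender, ip), count in report.most_common():
        print(f"{count:3d}  {sender}  from {ip}")
```

Entries from 127.0.0.1 or other relay-approved hosts are the submitters that would be blocked once the domain is blacklisted; entries from unrelated remote IPs are the spoofed mail the blacklist is meant to stop.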