Prevent Spam from valid sender/recipient

From QmailToaster
Jump to navigation Jump to search

How to prevent spam from a spoofed local account.

Example SMTP Log:

08-27 05:54:35 CHKUSER accepted sender: from <> remote <[]:unknown:> rcpt <> : sender accepted
08-27 05:54:35 CHKUSER accepted rcpt: from <> remote <[]:unknown:> rcpt <> : found existing recipient
08-27 05:54:35 policy_check: local -> local (UNAUTHENTICATED SENDER)
08-27 05:54:35 policy_check: policy allows transmission
08-27 05:54:35 spamdyke[28493]: ALLOWED from: to: origin_ip: origin_rdns: (unknown) auth: (unknown) encryption: (none)
08-27 05:54:39 simscan:[28494]:CLEAN (7.90/12.00):3.1911s:***SPAM*** Hi recipient, be our guest. 70% off for you.. on is 
  • Use spamdyke, and blacklist your local domain(s). This is counter intuitive, but works great. In the
    file, add:
  • All of your domains' submissions must be authenticated for this to work. If you have some web apps (for instance) that submit w/out authenticating (you have them approved for relay in tcp.smtp) then you can't use this method. My suggestion in this case is to modify the web app to authenticate.
  • Webmail should be configured to authenticate, in which case you don't need the 127.: line in tcp.smtp. This is a trivial change in
$smtpServerAddress = 'localhost';
$smtpPort = 587;
$smtp_auth_mech = 'login';

(reference email list archive)