Prevent Spam from valid sender/recipient
How to prevent spam from a spoofed local account.
Example SMTP Log:
08-27 05:54:35 CHKUSER accepted sender: from <firstname.lastname@example.org::> remote <[188.8.131.52]:unknown:184.108.40.206> rcpt <> : sender accepted
08-27 05:54:35 CHKUSER accepted rcpt: from <email@example.com::> remote <[220.127.116.11]:unknown:18.104.22.168> rcpt <firstname.lastname@example.org> : found existing recipient
08-27 05:54:35 policy_check: local email@example.com -> local firstname.lastname@example.org (UNAUTHENTICATED SENDER)
08-27 05:54:35 policy_check: policy allows transmission
08-27 05:54:35 spamdyke: ALLOWED from: email@example.com to: firstname.lastname@example.org origin_ip: 22.214.171.124 origin_rdns: (unknown) auth: (unknown) encryption: (none)
08-27 05:54:39 simscan::CLEAN (7.90/12.00):3.1911s:***SPAM*** Hi recipient, be our guest. 70% off for you.. on is the:126.96.36.199:email@example.com:firstname.lastname@example.org
- Use spamdyke, and blacklist your local domain(s). This is counterintuitive, but works great. In the
- All of your domains' submissions must be authenticated for this to work. If you have some web apps (for instance) that submit without authenticating (you have them approved for relay in tcp.smtp), then you can't use this method. My suggestion in this case is to modify the web app to authenticate.
- Webmail should be configured to authenticate, in which case you don't need the 127.: line in tcp.smtp. This is a trivial change in
- $smtpServerAddress = 'localhost';
- $smtpPort = 587;
- $smtp_auth_mech = 'login';
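Before blacklisting the local domains, it helps to know which deliveries would be affected: both spoofed spam and any legitimate client that still submits without authenticating. The following is an added example, not part of the original page or of spamdyke itself. It scans log lines in the format shown above for `spamdyke: ALLOWED` entries where the sender claims a local domain but `auth:` is `(unknown)`. The domain list, addresses and sample lines are constructed assumptions.

```python
import re

# Assumption: the domains hosted locally on this server (hypothetical values).
LOCAL_DOMAINS = {"example.org", "example.com"}

# Matches the spamdyke ALLOWED line format shown in the log above.
ALLOWED_RE = re.compile(
    r"spamdyke: ALLOWED from: (?P<sender>\S+) to: (?P<rcpt>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>.+?) "
    r"auth: (?P<auth>.+?) encryption: (?P<enc>.+)$"
)

# Constructed sample lines modelled on the log format above (not real traffic).
SAMPLE_LOG = """\
08-27 05:54:35 policy_check: local bob@example.com -> local alice@example.org (UNAUTHENTICATED SENDER)
08-27 05:54:35 spamdyke: ALLOWED from: bob@example.com to: alice@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown) encryption: (none)
08-27 06:01:12 spamdyke: ALLOWED from: alice@example.org to: bob@example.com origin_ip: 198.51.100.7 origin_rdns: host.example.net auth: alice@example.org encryption: TLS
08-27 06:03:44 spamdyke: ALLOWED from: news@example.net to: alice@example.org origin_ip: 203.0.113.5 origin_rdns: mail.example.net auth: (unknown) encryption: (none)
"""


def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def find_spoofed_local(log_text, local_domains=LOCAL_DOMAINS):
    """Return ALLOWED deliveries whose sender claims a local domain without SMTP AUTH."""
    hits = []
    for line in log_text.splitlines():
        m = ALLOWED_RE.search(line)
        if not m:
            continue  # not a spamdyke ALLOWED entry (CHKUSER, policy_check, simscan, ...)
        if m["auth"] != "(unknown)":
            continue  # authenticated submission: a legitimate local sender
        if domain_of(m["sender"]) in local_domains:
            hits.append((m["sender"], m["rcpt"], m["ip"]))
    return hits


if __name__ == "__main__":
    for sender, rcpt, ip in find_spoofed_local(SAMPLE_LOG):
        print(f"unauthenticated local sender {sender} -> {rcpt} from {ip}")
```

Any hit from an address you recognise as your own web app or webmail host is a client that must be switched to authenticated submission before the blacklist goes in.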
(reference email list archive)