Bruno GRANDJEAN wrote:
Hi,

I am using Postfix 2.3 with SpamAssassin under FreeBSD.

Actually I am trying to stop a massive backscatter attack on my SMTP server. I followed the backscatter procedure on the Postfix website but it doesn't work.

probably because this isn't backscatter...


Message-ID or EHLO fields for instance are too similar to my 'normal' emails. So the only solution is to test 'From:' AND 'To:' fields in the header_checks file.

For instance:
From: +...@mydomain\.tld
To: +...@mydomain\.tld

Normally, I do not receive any email from my own domain.
So I can delete these emails without ulterior motive.

Then why don't you just reject mail from outside claiming to be from you? This is not without drawbacks, but it might be suitable as a temporary measure.

"reject_rbl_client zen.spamhaus.org" can work wonders too.


I found an interesting regex which can test two patterns (pattern 1 AND pattern 2) but it doesn't work in the header_checks file.

Postfix header_checks operate on one header at a time. It's not possible to compare two headers in postfix.

Do you have any solution I could test on my config?
I guess I can find the solution with SpamAssassin but I'd like to find a solution with Postfix in preference.

Yes, spamassassin would help.

--
Noel Jones
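
The suggestion above to reject outside mail that claims to come from the local domain, sketched as Postfix configuration. This is an added example, not part of the thread: the file paths, the map name sender_access and the reject text are assumptions, and mydomain.tld is the placeholder used in the post.

```conf
# /etc/postfix/main.cf (assumed path; adjust to where your main.cf lives)
# Order matters: permit_mynetworks lets your own hosts send as
# mydomain.tld before the sender check is reached. If users submit mail
# with SMTP AUTH from outside, they need their own permit before the
# check_sender_access line as well.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_rbl_client zen.spamhaus.org

# /etc/postfix/sender_access (assumed map name)
# Rebuild the lookup table with "postmap /etc/postfix/sender_access"
# after every edit, then run "postfix reload".
mydomain.tld    REJECT Mail from mydomain.tld is only accepted from our own hosts
```

check_sender_access tests the envelope sender given in MAIL FROM, not the From: header that header_checks sees, so a message with a forged From: header but a foreign envelope sender still passes this check. The drawback mentioned in the reply applies: legitimate senders that use your domain from outside (forwarders, web forms, roaming users without authentication) are rejected too.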
