Hi Matus,



Thanks.
Yes, I guess they are spam or phishing mails.

The trick with "smtpd_recipient_restrictions" looks interesting. Thanks!



As I understand it now, there are three steps in this:

1/ the spammer sends us an email with destination "foreign-email-address-in-srs-for...@ourhobbyclubdomain.com". As "ourhobbyclubdomain.com" is mydestination, the email is accepted for relay.

2/ then the SRS-formatted email-address is converted into a normal email-address

3/ Then the message is forwarded towards that address.
(instead of postfix doing a lookup for the alias, seeing it does not exist and refusing the message).



If step 2 would be done first (or simply not done on destination addresses), then this trick would be stopped.


I guess I am not the first person seeing this behaviour, I guess this is not a bug (as it would have been fixed earlier), so I guess there must be a postfix configuration for this.

How do I influence this order, or stop step 2 being done on destination addresses?




Kr.




On 18.12.23 at 12:15, Matus UHLAR - fantomas via Postfix-users wrote:
> On 17.12.23 23:12, Kristoff via Postfix-users wrote:
>> I don't know if this question has already been asked, but I did not find anything in the archive of the mailing-list.
>>
>> I co-manage a postfix-server for a hobby-club. We provide email-addresses to our members, which are linked to aliases, so we forward the mails to the personal email-address of the member.
>>
>> (The goal is to provide an email-address to the members, dedicated for the hobby, which helps to shield off the personal email-address of the members).
>>
>> In any case, while looking into the log-files of postfix for another issue, I noticed this:
>>
>> ---
>> Dec 17 04:32:05 smtp postfix/smtp[725772]: 4F58E6A10A0: to=u...@example.com, orig_to=SRS0=zxmM=H4=example.com=u...@ourhobbyclubdomain.com, relay=mail.example.com[A.B.C.D]:25, delay=0.16, delays=0.05/0/0.08/0.02, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 714F7294BB2)
>> ---
>> (personal information replaced for privacy reasons)
>> "u...@example.com" is just an email-address
>> "ourhobbyclubdomain.com" is the domain used by our organization.
>>
>> So, it looks like somebody is sending us emails with a foreign-email-address-in-srs-for...@ourhobbyclubdomain.com as DESTINATION. The net result seems to be that these mails are actually relayed by our server, although we normally have a rule that we only relay email-addresses of our members ("someu...@hobbyclubdomain.com")
>>
>> I don't know if this is normal that the SRS is used in the destination address? ("SRS" does mean "SENDER rewriting Scheme", doesn't it?)
>> What is the configuration to block this?
>
> These may be spams to addresses gathered from someone's mail, or maybe delivery notifications?
>
> I guess you are reverse-rewriting those SRSed destination addresses using postsrs to original address of the sender.
>
> You can redirect these messages to you as an admin in smtpd_recipient_restrictions using regex matching, so neither of those mails reach original recipient, but you as admin of ourhobbyclubdomain.com domain.
>
> I did something similar but use plussed format SRS0+... and SRS1+..., so I redirected "SRS0" and "SRS1" addresses (plus is understood as address extension).
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
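
A log-side check for the pattern discussed in this thread, as an added example that is not part of the original messages: it finds deliveries whose orig_to is an SRS0 address at the local domain and reports whether the final recipient is the address embedded in it. The sample log lines, addresses and function names are constructed for illustration; only the log layout and the domain name come from the thread.

```python
import re

LOCAL_DOMAIN = "ourhobbyclubdomain.com"  # forwarding domain as named in the thread

# Constructed sample lines, modelled on the log entry quoted in the thread.
SAMPLE_LOG = """\
Dec 17 04:32:05 smtp postfix/smtp[725772]: 4F58E6A10A0: to=<victim@example.net>, orig_to=<SRS0=zxmM=H4=example.net=victim@ourhobbyclubdomain.com>, relay=mail.example.net[192.0.2.10]:25, delay=0.16, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Dec 17 04:40:11 smtp postfix/smtp[725780]: 5A11C6A10B1: to=<member@example.org>, orig_to=<alice@ourhobbyclubdomain.com>, relay=mx.example.org[192.0.2.20]:25, delay=0.30, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Dec 17 05:02:47 smtp postfix/smtp[725801]: 6B22D6A10C2: to=<bob@example.com>, orig_to=<SRS0+Ab3d=H4=example.com=bob@ourhobbyclubdomain.com>, relay=none, delay=2.1, dsn=4.4.1, status=deferred (connect timed out)
"""

# Postfix smtp delivery record carrying both the final and the original recipient.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>\w+): to=<?(?P<to>[^>,\s]+)>?, "
    r"orig_to=<?(?P<orig>[^>,\s]+)>?, .*?status=(?P<status>\w+)")

# SRS0 local part: SRS0, a separator (=, + or -), then hash=timestamp=domain=local.
SRS0 = re.compile(
    r"^SRS0[=+-](?P<hash>[^=]+)=(?P<ts>[^=]+)=(?P<dom>[^=]+)=(?P<loc>.+)$", re.I)

def decode_srs0(address):
    """Return the address embedded in an SRS0 recipient at LOCAL_DOMAIN, else None."""
    # The hash is not verified: that needs the SRS secret, which a log check lacks.
    local, _, domain = address.rpartition("@")
    m = SRS0.match(local)
    if m is None or domain.lower() != LOCAL_DOMAIN:
        return None
    return f"{m['loc']}@{m['dom']}"

def find_srs_recipients(log_text):
    """List deliveries whose original recipient was an SRS0 address at LOCAL_DOMAIN."""
    findings = []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m is None:
            continue
        embedded = decode_srs0(m["orig"])
        if embedded is None:
            continue  # ordinary alias forward, not an SRS recipient
        findings.append({"qid": m["qid"], "embedded": embedded,
                         "reverse_rewritten": embedded.lower() == m["to"].lower(),
                         "status": m["status"]})
    return findings

if __name__ == "__main__":
    for finding in find_srs_recipients(SAMPLE_LOG):
        print(finding)
```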
