forged domain in message-id?

Thu, 10 Sep 2009 14:11:56 -0700

I've started seeing "forged domain name in Message-ID: header: covisp.net " recently when sending from a covisp.net email address. I suspect that it is the OS X Mail.app generating it's own Message-ID.
What I'd like is to know how I can let postfix know that Message-IDs from authenticated clients with local user addresses are not forged; or if that's possible. 


postfix 2.62
 $ postconf -n
alias_database = hash:$config_directory/aliases
alias_maps = hash:$config_directory/aliases
allow_percent_hack = no
anvil_rate_time_unit = 60s
body_checks = pcre:$config_directory/body_checks.pcre
bounce_size_limit = 10240
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
default_process_limit = 50
disable_vrfy_command = yes
header_checks = pcre:$config_directory/header_checks.pcre
header_size_limit = 10240
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
mail_owner = postfix
mailbox_command = /usr/local/bin/procmail -t -a $EXTENSION
mailbox_size_limit = 52428800
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_reject_code = 521
message_size_limit = 15728640
mime_header_checks = pcre:$config_directory/mime_headers.pcre

mydestination = $myhostname, localhost.$mydomain, $mydomain,  
localhost,	ns1.$mydomain, ns2.$mydomain, mail.$mydomain, www. 
$mydomain, webmail.$mydomain

mydomain = covisp.net
myhostname = mail.covisp.net
mynetworks = [various IPs], 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases

parent_domain_matches_subdomains =  
debug_peer_list 
,fast_flush_domains,mynetworks,qmqpd_authorized_clients,relay_domains

queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
show_user_unknown_table_name = no
smtpd_banner = $myhostname ESMTP $mail_name $mail_version
smtpd_client_connection_count_limit = 15
smtpd_client_connection_rate_limit = 8

smtpd_data_restrictions = reject_unauth_pipelining,     
reject_multi_recipient_bounce,    check_sender_access hash: 
$config_directory/backscatter    permit

smtpd_error_sleep_time = 28
smtpd_hard_error_limit = 8
smtpd_helo_required = yes

smtpd_helo_restrictions = permit_mynetworks,	 
reject_invalid_helo_hostname,	reject_non_fqdn_helo_hostname,	permit

smtpd_recipient_limit = 25

smtpd_recipient_restrictions = reject_non_fqdn_sender,  
reject_non_fqdn_recipient, reject_unknown_sender_domain,  
reject_invalid_hostname, permit_mynetworks, check_client_access hash: 
$config_directory/pbs, permit_sasl_authenticated,  
reject_unauth_destination, reject_unlisted_recipient,  
reject_unlisted_sender, reject_unknown_reverse_client_hostname,  
warn_if_reject reject_unknown_client_hostname, check_client_access  
cidr:/var/db/dnswl/postfix-dnswl-permit check_sender_access pcre: 
$config_directory/sender_access.pcre, check_client_access pcre: 
$config_directory/check_client_fqdn.pcre, check_recipient_access pcre: 
$config_directory/recipient_checks.pcre, check_client_access hash: 
$config_directory/access, reject_rbl_client  
zen.spamhaus.org=127.0.0.10 permit

smtpd_restriction_classes = check_greylist

smtpd_sender_restrictions = check_client_access hash:$config_directory/ 
pbs,  permit_sasl_authenticated,   permit_mynetworks

smtpd_soft_error_limit = 4
smtpd_starttls_timeout = 90s
smtpd_tls_cert_file = /etc/postfix/server.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 2
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_sessions
smtpd_tls_session_cache_timeout = 1800s
soft_bounce = no
swap_bangpath = no
transport_maps = hash:/etc/postfix/transport
undisclosed_recipients_header = To: List of Bcc addresses:;
unknown_local_recipient_reject_code = 550
virtual_alias_domains = kreme.com

virtual_alias_maps = hash:$config_directory/virtual    pcre: 
$config_directory/virtual.pcre,    pcre:$config_directory/ 
virtual_sql.pcre,    proxy:mysql:$config_directory/ 
mysql_virtual_alias_maps.cf

virtual_gid_maps = static:89
virtual_mailbox_base = /usr/local/virtual

virtual_mailbox_domains = proxy:mysql:$config_directory/ 
mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:$config_directory/ 
mysql_virtual_mailbox_maps.cf

virtual_minimum_uid = 89
virtual_transport = procmail
virtual_uid_maps = static:89




--
Can I borrow your underpants for 10 minutes?























					Reply via email to