--On October 22, 2016 at 12:16:33 PM +0200 Paul van der Vlis <p...@vandervlis.nl> wrote:

On 22-10-16 at 04:32, Bill Cole wrote:
On 21 Oct 2016, at 16:15, Paul van der Vlis wrote:

----
Received: from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi
[87.92.55.206])
        (Authenticated sender: p...@puk.nl)
        by mail.vandervlis.nl (Postfix) with ESMTPSA id 774B23E0285;
        Fri, 21 Oct 2016 18:57:14 +0200 (CEST)
----
As if my server had sent it to my server...

Not exactly. That Received header indicates that the machine at
87.92.55.206 which is actually named 87-92-55-206.bb.dnainternet.fi
introduced itself with "EHLO [127.0.0.1]" on an encrypted session and
proceeded to authenticate as the user whose name you've replaced with
p...@puk.nl.

As a stopgap, you could add a directive like this to
smtpd_helo_restrictions:

   check_helo_access pcre:/etc/postfix/helo_checks

And in that helo_checks file:

    /127\.0\.0\.1/    REJECT you are not me

Thanks, a great idea to have standard in most cases.

I would make one suggestion. I would reject the attempt silently. No sense in tipping off the spammer to what he needs to do to work around it. Just use REJECT with no explanation.

"The man who never looks into a newspaper is better informed than he who
reads them, inasmuch as he who knows nothing is nearer the truth than he
whose mind is filled with falsehoods and errors."  -  Thomas Jefferson

Paul Schmehl (pschm...@tx.rr.com)
Independent Researcher
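
The reading of the Received header given in the thread above, as an added example that is not part of any message here or of Postfix itself: it splits a Postfix-style `from HELO (rdns [ip])` clause into its fields and flags a loopback HELO name presented from a non-loopback client address. The function names are hypothetical, and the sample is the header quoted in the thread, unfolded onto one line.

```python
import ipaddress
import re

# Constructed sample: the Received header quoted in the thread, unfolded
# onto one line (the address is redacted exactly as on the page).
SAMPLE = (
    "from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi [87.92.55.206]) "
    "(Authenticated sender: p...@puk.nl) "
    "by mail.vandervlis.nl (Postfix) with ESMTPSA id 774B23E0285; "
    "Fri, 21 Oct 2016 18:57:14 +0200 (CEST)"
)

# Assumed layout: from <HELO name> (<reverse DNS name> [<client IP>]),
# optionally followed by (Authenticated sender: <login>).
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
    r"(?:\s+\(Authenticated sender:\s*(?P<sasl>[^)]+)\))?"
)


def parse_received(header):
    """Return HELO name, rDNS name, client IP and SASL login, or None."""
    match = RECEIVED_RE.search(" ".join(header.split()))  # undo folding
    return match.groupdict() if match else None


def addr_literal(text):
    """Parse a bare or bracketed address literal; None for hostnames."""
    text = text.strip("[]")
    if text.lower().startswith("ipv6:"):  # RFC 5321 address-literal tag
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def helo_is_spoofed_loopback(fields):
    """True when a loopback HELO name arrives from a non-loopback client."""
    helo = addr_literal(fields["helo"])
    client = addr_literal(fields["ip"])
    claimed = fields["helo"].lower() == "localhost" or (
        helo is not None and helo.is_loopback
    )
    return claimed and client is not None and not client.is_loopback


if __name__ == "__main__":
    parsed = parse_received(SAMPLE)
    print(parsed, helo_is_spoofed_loopback(parsed))
```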
