Or even better: Accept the mail, but toss it away. E.g., use DISCARD instead.

-----Original Message-----
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On behalf of Paul Schmehl
Sent: 22 October 2016 18:20
To: Paul van der Vlis <p...@vandervlis.nl>; postfix-users@postfix.org
Subject: Re: Open relay

--On October 22, 2016 at 12:16:33 PM +0200 Paul van der Vlis
<p...@vandervlis.nl> wrote:

> On 22-10-16 at 04:32, Bill Cole wrote:
>> On 21 Oct 2016, at 16:15, Paul van der Vlis wrote:
>
>>> ----
>>> Received: from [127.0.0.1] (87-92-55-206.bb.dnainternet.fi
>>> [87.92.55.206])
>>>         (Authenticated sender: p...@puk.nl)
>>>         by mail.vandervlis.nl (Postfix) with ESMTPSA id 774B23E0285;
>>>         Fri, 21 Oct 2016 18:57:14 +0200 (CEST)
>>> ----
>>> As would my server sent it to my server...
>>
>> Not exactly. That Received header indicates that the machine at
>> 87.92.55.206 which is actually named 87-92-55-206.bb.dnainternet.fi 
>> introduced itself with "EHLO [127.0.0.1]" on an encrypted session and 
>> proceeded to authenticate as the user whose name you've replaced with 
>> p...@puk.nl.
>>
>> As a stopgap, you could add a directive like this to
>> smtpd_helo_restrictions:
>>
>>    check_helo_access pcre:/etc/postfix/helo_checks
>>
>> And in that helo_checks file:
>>
>>     /127\.0\.0\.1/    REJECT you are not me
>
> Thanks, a great idea to have standard in most cases.

I would make one suggestion.  I would reject the attempt silently.  No sense
in tipping off the spammer to what he needs to do to work around it. 
Just use REJECT with no explanation.

"The man who never looks into a newspaper is better informed than he who
reads them, inasmuch as he who knows nothing is nearer the truth than he
whose mind is filled with falsehoods and errors."  -  Thomas Jefferson

Paul Schmehl (pschm...@tx.rr.com)
Independent Researcher
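
An added example, not part of the original thread: a small Python stand-in for a Postfix pcre: table lookup, comparing the unanchored helo_checks pattern quoted above with an anchored variant that uses the bare REJECT suggested in the reply. The anchored pattern and the sample HELO names are assumptions constructed for illustration.

```python
import re

# Python's re stands in for PCRE; these two patterns behave the same in both.
# Table line quoted in the thread (unanchored, with explanatory text).
THREAD_TABLE = r"""
/127\.0\.0\.1/    REJECT you are not me
"""
# Assumed stricter variant (not from the thread): anchored, bare REJECT.
ANCHORED_TABLE = r"""
/^\[?127\.0\.0\.1\]?$/    REJECT
"""

def parse_table(text):
    """Parse '/pattern/ ACTION [text]' lines into (regex, action, text) rules."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.+)/\s+(\S+)\s*(.*)$", line)
        if m is None:
            raise ValueError(f"unparsable line: {line!r}")
        # Postfix pcre tables match case-insensitively by default.
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2), m.group(3)))
    return rules

def lookup(rules, helo):
    """Return (action, text) of the first matching rule, or None (no decision)."""
    for regex, action, text in rules:
        if regex.search(helo):
            return action, text
    return None

# Constructed HELO/EHLO arguments, not taken from real traffic.
SAMPLES = ["[127.0.0.1]", "127.0.0.1", "host-127.0.0.10.example.net", "mail.example.org"]

def compare(samples=SAMPLES):
    """Map each HELO name to (result with thread table, result with anchored table)."""
    loose, strict = parse_table(THREAD_TABLE), parse_table(ANCHORED_TABLE)
    return {h: (lookup(loose, h), lookup(strict, h)) for h in samples}

if __name__ == "__main__":
    for helo, (loose, strict) in compare().items():
        print(f"{helo:32} thread={loose} anchored={strict}")
```

On a live system, `postmap -q "[127.0.0.1]" pcre:/etc/postfix/helo_checks` queries the real table the same way.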
