Re: Stopping acceptence from unowned networks address as from my domains
On Fri, 8 Feb 2019 at 01:31, li...@lazygranch.com wrote: > I'm having trouble finding check_sender_access AND inline. Is inline > some way of not using hash? For example, I have: > > check_sender_access hash:/etc/postfix/sender_checks, > > Maybe I'm using this wrong. I have this set up to whitelist addresses. > That is my sender_checks looks like > > gwoodper...@ok.com OK > > I'm not using this to reject anything. > re inline see http://www.postfix.org/DATABASE_README.html What you are doing is fine but whitelisting in general carries risk and whitelisting on the envelope sender especially because this parameter is easily faked and it will not usually be seen by the recipient. I use check_sender _access whitelisting only for a few cases where legitimate mails have previously been wrongly blocked by subsequent RBL or reject_unknown_reverse_client_hostname tests. (If your RBL tests are done inside postscreen then local whitelisting by envelope sender is too late I think.) I do however use check_sender_access for blacklisting (REJECT) and for spam scoring.
Re: Stopping acceptence from unowned networks address as from my domains
On Thu, 7 Feb 2019 05:24:08 +0100 Francesc Peñalvez wrote: > I asked the same and Vietse Venema answer this: > > Postfix 3.0 and later: > > /etc/postfix/main.cf: > smtpd_sender_restrictions = > permit_mynetworks > permit_sasl_authenticated > check_sender_access inline:{ > { example.com = REJECT local sender from unauthorized > client } > { other.example = REJECT local sender from unauthorized > client } > } > > Instead of example.com and other.example, specify your email domains. > > Note: this breaks email from remote mail forwarders or from remote > distribution lists that don't reset the sender address. > > > this worked perfectly for me > > * > Este mensaje y todos los archivos adjuntos son confidenciales y de > uso exclusivo por parte de su/sus destinatario/s. Si usted ha > recibido este mensaje por error, le agradecemos que lo notifique > inmediatamente al remitente y destruya el mensaje. Queda prohibida > cualquier modificación, edición, uso o divulgación no autorizados. El > Emisor no se hace responsable de este mensaje si ha sido modificado, > distorsionado, falsificado, infectado por un virus o editado o > difundido sin autorización. > > > *** > This message and any attachments are confidential and intended for > the named addressee(s) only. If you have received this message in > error, please notify immediately the sender, then delete the message. > Any unauthorized modification, edition, use or dissemination is > prohibited. The sender shall not be liable for this message if it has > been modified, altered, falsified, infected by a virus or even edited > or disseminated without authorization. > *** > > El 07/02/2019 a las 2:44, Ruben Safir escribió: > > I got this email, which I thought I set up postfix to block > > > > >From ru...@mrbrklyn.com Wed Feb 6 06:26:12 2019 > > Return-Path: > > X-Original-To: ru...@mrbrklyn.com > > Delivered-To: ru...@mrbrklyn.com > > Received: from mail.isentia.asia (mail.mediabanc.ws > > [203.223.144.88]) by mrbrklyn.com (Postfix) with ESMTP id > > BE463161132 for ; Wed, 6 Feb 2019 06:25:50 > > -0500 (EST) Received: from fixed-187-189-92-126.totalplay.net > > (187.189.92.126) by mail.mediabanc.ws (10.61.3.33) with Microsoft > > SMTP Server id 8.1.240.5; Wed, > > 6 Feb 2019 15:36:09 +0800 > > From: BSM > > To: ru...@mrbrklyn.com > > Subject: Directorio Empresarial Mexicano 2019 > > Date: Wed, 6 Feb 2019 01:40:06 -0600 > > Message-ID: <20190206014006.8f2d6192f98f7...@mrbrklyn.com> > > MIME-Version: 1.0 > > Content-Type: text/html; charset="iso-8859-1" > > Content-Transfer-Encoding: quoted-printable > > X-UID: 55347 > > Status: RO > > Content-Length: 36872 > > Lines: 561 > > > > This is addressed as me in the From line and came from outside my > > local network > > > > I want domain being accepted From my domain only is it comes from > > within the local network > > > I'm having trouble finding check_sender_access AND inline. Is inline some way of not using hash? For example, I have: check_sender_access hash:/etc/postfix/sender_checks, Maybe I'm using this wrong. I have this set up to whitelist addresses. That is my sender_checks looks like goodper...@ok.com OK I'm not using this to reject anything.
Re: Stopping acceptence from unowned networks address as from my domains
postfix can do this without further infrastructure On Thu, Feb 07, 2019 at 07:53:38AM -0800, Lucius Rizzo wrote: > On Wed, Feb 06, 2019 at 08:44:40PM -0500, Ruben Safir wrote: > > I got this email, which I thought I set up postfix to block > > Setup SPFi (SPF hardfail) , DKIM, DMARC properly -- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www2.mrbrklyn.com/resources - Unpublished Archive http://www.coinhangout.com - coins! http://www.brooklyn-living.com Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
Re: Stopping acceptence from unowned networks address as from my domains
On Wed, Feb 06, 2019 at 08:44:40PM -0500, Ruben Safir wrote: > I got this email, which I thought I set up postfix to block Setup SPFi (SPF hardfail) , DKIM, DMARC properly
Re: Stopping acceptence from unowned networks address as from my domains
Greetings, Gary! > From: BSM > To: ru...@mrbrklyn.com I'm explicitly rejecting any attempt to push mails with $mydomain in From through public mail exchanger. If it is internal correspondence from domain members, they should use submission service, which allows such mails. -- With best regards, Andrey Repin Thursday, February 7, 2019 17:36:01 Sorry for my terrible english...
Re: Stopping acceptence from unowned networks address as from my domains
I asked the same and Vietse Venema answer this: Postfix 3.0 and later: /etc/postfix/main.cf: smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated check_sender_access inline:{ { example.com = REJECT local sender from unauthorized client } { other.example = REJECT local sender from unauthorized client } } Instead of example.com and other.example, specify your email domains. Note: this breaks email from remote mail forwarders or from remote distribution lists that don't reset the sender address. this worked perfectly for me * Este mensaje y todos los archivos adjuntos son confidenciales y de uso exclusivo por parte de su/sus destinatario/s. Si usted ha recibido este mensaje por error, le agradecemos que lo notifique inmediatamente al remitente y destruya el mensaje. Queda prohibida cualquier modificación, edición, uso o divulgación no autorizados. El Emisor no se hace responsable de este mensaje si ha sido modificado, distorsionado, falsificado, infectado por un virus o editado o difundido sin autorización. *** This message and any attachments are confidential and intended for the named addressee(s) only. If you have received this message in error, please notify immediately the sender, then delete the message. Any unauthorized modification, edition, use or dissemination is prohibited. The sender shall not be liable for this message if it has been modified, altered, falsified, infected by a virus or even edited or disseminated without authorization. *** El 07/02/2019 a las 2:44, Ruben Safir escribió: I got this email, which I thought I set up postfix to block >From ru...@mrbrklyn.com Wed Feb 6 06:26:12 2019 Return-Path: X-Original-To: ru...@mrbrklyn.com Delivered-To: ru...@mrbrklyn.com Received: from mail.isentia.asia (mail.mediabanc.ws [203.223.144.88]) by mrbrklyn.com (Postfix) with ESMTP id BE463161132 for ; Wed, 6 Feb 2019 06:25:50 -0500 (EST) Received: from fixed-187-189-92-126.totalplay.net (187.189.92.126) by mail.mediabanc.ws (10.61.3.33) with Microsoft SMTP Server id 8.1.240.5; Wed, 6 Feb 2019 15:36:09 +0800 From: BSM To: ru...@mrbrklyn.com Subject: Directorio Empresarial Mexicano 2019 Date: Wed, 6 Feb 2019 01:40:06 -0600 Message-ID: <20190206014006.8f2d6192f98f7...@mrbrklyn.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-UID: 55347 Status: RO Content-Length: 36872 Lines: 561 This is addressed as me in the From line and came from outside my local network I want domain being accepted From my domain only is it comes from within the local network smime.p7s Description: Firma criptográfica S/MIME
Re: Stopping acceptence from unowned networks address as from my domains
When spammers do this to me, I get a bounced mail due to SPF issues since it really isn't from my server. So maybe something SPF related can do what you want. Original Message From: ru...@mrbrklyn.com Sent: February 6, 2019 5:45 PM To: postfix-users@postfix.org Subject: Stopping acceptence from unowned networks address as from my domains I got this email, which I thought I set up postfix to block From ru...@mrbrklyn.com Wed Feb 6 06:26:12 2019 Return-Path: X-Original-To: ru...@mrbrklyn.com Delivered-To: ru...@mrbrklyn.com Received: from mail.isentia.asia (mail.mediabanc.ws [203.223.144.88]) by mrbrklyn.com (Postfix) with ESMTP id BE463161132 for ; Wed, 6 Feb 2019 06:25:50 -0500 (EST) Received: from fixed-187-189-92-126.totalplay.net (187.189.92.126) by mail.mediabanc.ws (10.61.3.33) with Microsoft SMTP Server id 8.1.240.5; Wed, 6 Feb 2019 15:36:09 +0800 From: BSM To: ru...@mrbrklyn.com Subject: Directorio Empresarial Mexicano 2019 Date: Wed, 6 Feb 2019 01:40:06 -0600 Message-ID: <20190206014006.8f2d6192f98f7...@mrbrklyn.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-UID: 55347 Status: RO Content-Length: 36872 Lines: 561 This is addressed as me in the From line and came from outside my local network I want domain being accepted From my domain only is it comes from within the local network -- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www2.mrbrklyn.com/resources - Unpublished Archive http://www.coinhangout.com - coins! http://www.brooklyn-living.com Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
Stopping acceptence from unowned networks address as from my domains
I got this email, which I thought I set up postfix to block >From ru...@mrbrklyn.com Wed Feb 6 06:26:12 2019 Return-Path: X-Original-To: ru...@mrbrklyn.com Delivered-To: ru...@mrbrklyn.com Received: from mail.isentia.asia (mail.mediabanc.ws [203.223.144.88]) by mrbrklyn.com (Postfix) with ESMTP id BE463161132 for ; Wed, 6 Feb 2019 06:25:50 -0500 (EST) Received: from fixed-187-189-92-126.totalplay.net (187.189.92.126) by mail.mediabanc.ws (10.61.3.33) with Microsoft SMTP Server id 8.1.240.5; Wed, 6 Feb 2019 15:36:09 +0800 From: BSM To: ru...@mrbrklyn.com Subject: Directorio Empresarial Mexicano 2019 Date: Wed, 6 Feb 2019 01:40:06 -0600 Message-ID: <20190206014006.8f2d6192f98f7...@mrbrklyn.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-UID: 55347 Status: RO Content-Length: 36872 Lines: 561 This is addressed as me in the From line and came from outside my local network I want domain being accepted From my domain only is it comes from within the local network -- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www2.mrbrklyn.com/resources - Unpublished Archive http://www.coinhangout.com - coins! http://www.brooklyn-living.com Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013