Re: forged spam mails

2009-01-25 Thread mouss
bharathan kailath a écrit :
> it is only in the From Header yahoo domain appears!
> 

Please do not top post. put your replies after the text you reply to.

if it is the From: header, then you can't block it with postfix alone
(header_checks apply to all mail, and check one header at a time).

you need a content filter (or a milter). you can use spamassassin (via
amavisd-new) for example.



Re: forged spam mails

2009-01-25 Thread bharathan kailath
it is only in the From Header yahoo domain appears!


On Sat, Jan 24, 2009 at 11:01 PM, Sahil Tandon wrote:

> On Sat, 24 Jan 2009, bharathan kailath wrote:
>
> > i get spam mails that pretend to be from yahoo (e.g. from yahoo.it, yahoo.nl)
> > on my postfix relay; how can i prevent such kind of forgeries
>
> By pretend, do you mean the domain of the ENVELOPE SENDER is yahoo.com (or
> some other .tld), or that it is only in the FROM HEADER where the yahoo
> domain appears?
>
> --
> Sahil Tandon 
>


Re: forged spam mails

2009-01-24 Thread Sahil Tandon
On Sat, 24 Jan 2009, bharathan kailath wrote:

> i get spam mails that pretend to be from yahoo (e.g. from yahoo.it, yahoo.nl)
> on my postfix relay; how can i prevent such kind of forgeries

By pretend, do you mean the domain of the ENVELOPE SENDER is yahoo.com (or
some other .tld), or that it is only in the FROM HEADER where the yahoo
domain appears?

-- 
Sahil Tandon 


Re: forged spam mails

2009-01-24 Thread mouss
bharathan kailath a écrit :
> i get spam mails that pretend to be from yahoo (e.g. from yahoo.it, yahoo.nl)
> on my postfix relay; how can i prevent such kind of forgeries

when asking for help about fighting spam, it is a good idea to show what
you are already doing to block spam.


you could reject such mail if it doesn't come from a *.yahoo.com host.

smtpd_recipient_restrictions =
    ...
    reject_unauth_destination
    ...
    check_client_access cidr:/var/db/dnswl/postfix-dnswl-permit
    ...
    check_client_access hash:/etc/postfix/client_whitelist
    check_sender_access hash:/etc/postfix/forged_sender

== postfix-dnswl-permit
rsync this from dnswl.org

== client_whitelist
yahoo.com   OK
.yahoo.com  OK
yahoo.nl    OK
.yahoo.nl   OK
...

== forged_sender
yahoo.com   REJECT forged sender
yahoo.nl    REJECT forged sender
...

but this is problematic:

- the client_whitelist must include all domains that may be used in
hostnames of yahoo outbound relays. DNSWL helps here, but nothing
prevents yahoo from adding new relays...

- this relies on DNS, so will delay mail from yahoo if there are any DNS
problems. (again, DNSWL helps here)

if you see IPs of legitimate yahoo servers not listed in DNSWL, please
submit them.
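
[Added example, not part of the thread and not Postfix code.] A simplified Python model of how the client_whitelist and forged_sender tables in the message above interact: the client lookup runs first, so an OK there stops evaluation before the envelope sender is checked. The hostnames and addresses are constructed, the DNSWL cidr table is left out, and the lookup functions only approximate Postfix's access table matching.

```python
# Simplified model (added example) of the restriction order in the message
# above: tables are consulted in order and the first OK/REJECT wins.
# Table contents mirror the message; sample hosts and senders are constructed.

CLIENT_WHITELIST = {          # check_client_access hash:.../client_whitelist
    "yahoo.com": "OK", ".yahoo.com": "OK",
    "yahoo.nl": "OK", ".yahoo.nl": "OK",
}
FORGED_SENDER = {             # check_sender_access hash:.../forged_sender
    "yahoo.com": "REJECT forged sender",
    "yahoo.nl": "REJECT forged sender",
}

def lookup_client(table, hostname):
    """Exact hostname first, then each parent domain as a '.domain' key."""
    name = hostname.lower().rstrip(".")
    if name in table:
        return table[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        key = "." + ".".join(labels[i:])
        if key in table:
            return table[key]
    return "DUNNO"

def lookup_sender(table, sender):
    """Full address first, then the domain part of the envelope sender."""
    addr = sender.lower()
    if addr in table:
        return table[addr]
    domain = addr.rpartition("@")[2]
    return table.get(domain, "DUNNO")

def evaluate(client_hostname, envelope_sender):
    """Return the first decisive result, as the restriction list would."""
    for result in (lookup_client(CLIENT_WHITELIST, client_hostname),
                   lookup_sender(FORGED_SENDER, envelope_sender)):
        if result != "DUNNO":
            return result
    return "DUNNO"  # fall through to whatever restrictions follow

if __name__ == "__main__":
    for host, sender in [
        ("mta1.mail.yahoo.com", "alice@yahoo.com"),   # whitelisted client
        ("host-1.example.net", "alice@yahoo.nl"),     # yahoo sender, other host
        ("host-1.example.net", "bob@example.org"),    # unrelated mail
    ]:
        print(f"{host:22} {sender:18} -> {evaluate(host, sender)}")
```

The second case is also what happens to a genuine relay whose hostname is in a domain missing from client_whitelist, and none of this looks at the From: header, only the envelope sender.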





forged spam mails

2009-01-23 Thread bharathan kailath
i get spam mails that pretend to be from yahoo (e.g. from yahoo.it, yahoo.nl)
on my postfix relay; how can i prevent such kind of forgeries
help appreciated
thanks