tarballed
September 2nd, 2003, 16:55
Anyone feel like hashing over some Postfix UCE stuff?

I found out a few things during my testing that I found interesting.

If anyone's curious, let's continue the thread here..

Tarballed

tarballed
September 2nd, 2003, 17:34
Ok ok..you twisted my arm...I'll post my thoughts:

Reading and doing some testing, I put all of my rules underneath:

smtpd_recipient_restrictions.

I did this for a number of reasons. But basically, it allows me to go through all the steps and checks before the server will reject anything. Whereas if I set it up around helo or client, it gets rejected earlier in the 'chain'. But with 'recipient' being used, it goes through everything first.

That make sense?

Ok. What I've done with my smtpd_recipient_restrictions is created a file called access_recipient. Inside that file I put some tests for usernames and domains.

For example:

@getv1agra.com REJECT Your a spammer! Go away!

Then, in smtpd_recipient_restrictions I added the following:

[code]
check_recipient_access hash:/etc/postfix/maps/access_recipient
[/code]

From my understanding, someone tries to send email to me from my domain and they are sending from the domain @getv1agra.com, the server should reject it correct?

This is where my testing got a little funky, but I think I know why:

First, I setup all my rules on the mail gateway. Makes sense to do all the checking on the gateway, instead of on the server itself...

So what I did is I telnetted to the gateway port 25
Went through the whole shebang
Used a random username and a domain that was in my access_recipient list and was set to REJECT

What is interesting is, it relayed the mail to my mail server. :(
After doing some poking around, I think the reason why it worked is because the machine that I telneted from was in the range of the IP addresses that is in $mynetworks. With that in mind, obviously, it should work since that computer is in the range, right?

Kinda interesting when you think about it because if someone could somehow spoof the correct email address, postfix would still relay the mail through, right?

BUT, I think this could all depend on where you place permit_mynetworks in your postfix setup. If it is set at the very beginning, everything should work. But if you set it up somewhere in between everything, my thinking is it would provide a bit more security function to your server..

Anyone have any comments? Is this close or is this way off? :)

Loop
September 3rd, 2003, 02:29
> Ok ok..you twisted my arm...I'll post my thoughts:
>
> Reading and doing some testing, I put all of my rules underneath:
>
> smtpd_recipient_restrictions.
>
> I did this for a number of reasons. But basically, it allows me to go through all the steps and checks before the server will reject anything. Whereas if I set it up around helo or client, it gets rejected earlier in the 'chain'. But with 'recipient' being used, it goes through everything first.
>
> That make sense?

Sure does

> Ok. What I've done with my smtpd_recipient_restrictions is created a file called access_recipient. Inside that file I put some tests for usernames and domains.
>
> For example:
>
> @getv1agra.com REJECT Your a spammer! Go away!
>
> Then, in smtpd_recipient_restrictions I added the following:
>
> [code]
> check_recipient_access hash:/etc/postfix/maps/access_recipient
> [/code]

Try dropping the @ ... make it like this:

[code]
getv1agra.com REJECT You're a spammer! Go away!
[/code]

> From my understanding, someone tries to send email to me from my domain and they are sending from the domain @getv1agra.com, the server should reject it correct?
>
> This is where my testing got a little funky, but I think I know why:
>
> First, I setup all my rules on the mail gateway. Makes sense to do all the checking on the gateway, instead of on the server itself...
>
> So what I did is I telnetted to the gateway port 25
> Went through the whole shebang
> Used a random username and a domain that was in my access_recipient list and was set to REJECT
>
> What is interesting is, it relayed the mail to my mail server. :(
> After doing some poking around, I think the reason why it worked is because the machine that I telnetted from was in the range of the IP addresses that is in $mynetworks. With that in mind, obviously, it should work since that computer is in the range, right?
>
> Kinda interesting when you think about it because if someone could somehow spoof the correct email address, postfix would still relay the mail through, right?
>
> BUT, I think this could all depend on where you place permit_mynetworks in your postfix setup.

It does, permit_mynetworks should be first in the list, all other spam checks next, followed lastly by permit. Sometimes it's better to post the whole map, that way we can see the order of your _checks

cheers,
loop

tarballed
September 3rd, 2003, 11:26
Thanks Loop...

Ya, I dropped the @ before each entry in my access file.

So just has the domain and REJECT next to it.

I think, in my case, the reason why it sent the email through, even though I specified a REJECT domain in my access file was because of the $mynetworks option I have...it will send out email from all clients who fall into that range....so my test computer, was in the $mynetworks range which should explain why it sent it out, correct?

I'm really digging Postfix and find it great. I am really surprised more people do not use it over sendmail.

Correct me if I'm wrong, but can't postfix do everything that sendmail can do, and more?

Tarballed

Loop
September 4th, 2003, 00:24
> Correct me if I'm wrong, but can't postfix do everything that sendmail can do, and more?

AFAICT, not sure about the "more" bit ... but it does everything I need it to, and at least I can understand the config file :)

tarballed
September 9th, 2003, 14:47
Ok...my whole postconf -n

[code]
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
empty_address_recipient = MAILER-DAEMON
header_checks = regexp:/etc/postfix/maps/header_checks
local_recipient_maps =
local_transport = local
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 20000000
mydestination = $myhostname, localhost.$mydomain, $mydomain
mydomain = courtesymortgage.com
myhostname = blowfish.courtesymortgage.com
mynetworks = 192.168.1.0/24, 127.0.0.0/8
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
queue_minfree = 8000000
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions =
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_recipient_limit = 30
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, check_recipient_access hash:/etc/postfix/maps/access, reject_rbl_client relays.ordb.org, reject_rbl_client zombie.dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client sbl.spamhaus.org, permit
transport_maps = hash:/etc/postfix/maps/transport
unknown_local_recipient_reject_code = 450
[/code]

Still want to work on my header_checks and access file, but I thought I'd start light, and build up. That way, if I run into any problems I know where to look.


Tarballed
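The two things this thread keeps circling back to, permit_mynetworks short-circuiting the restriction list for LAN clients, and the access-map key written with or without the leading '@', can be seen in a small model of how Postfix walks smtpd_recipient_restrictions. This is an added example, not Postfix code and not anything posted in the thread; it takes the restriction list from the postconf -n above (reading "reject_rbl client" as reject_rbl_client), and the client addresses, sender, recipient and access-map contents are constructed. check_sender_access is not in the posted config and is included only for contrast, since the map entry is meant to match the sending domain.

```python
"""Simplified model of how Postfix evaluates smtpd_recipient_restrictions.

Added illustration; not Postfix source code. Only restrictions that appear in
the posted postconf -n are modelled (RBL/HELO/sender-syntax checks return "no
opinion"). All addresses and map entries below are constructed for the example.
"""
import ipaddress

PERMIT, REJECT, DUNNO = "PERMIT", "REJECT", "DUNNO"

# Restriction list as posted (reject_rbl_client spelling normalised).
POSTED_RESTRICTIONS = [
    "permit_mynetworks", "reject_unauth_destination", "reject_invalid_hostname",
    "reject_non_fqdn_sender", "reject_unknown_sender_domain", "reject_unauth_pipelining",
    "check_recipient_access hash:/etc/postfix/maps/access",
    "reject_rbl_client relays.ordb.org", "reject_rbl_client zombie.dnsbl.sorbs.net",
    "reject_rbl_client list.dsbl.org", "reject_rbl_client sbl.spamhaus.org", "permit",
]
MYNETWORKS = ["192.168.1.0/24", "127.0.0.0/8"]
MYDESTINATION = {"blowfish.courtesymortgage.com", "localhost.courtesymortgage.com",
                 "courtesymortgage.com"}


def access_lookup(address, table):
    """Look up an address in an access map in the order access(5) describes:
    user@domain, then domain.tld and its parent domains, then user@.
    Keys are lowercased. There is no '@domain' key form, which is why an
    entry written as '@getv1agra.com' is never found."""
    address = address.lower()
    localpart, _, domain = address.rpartition("@")
    if address in table:
        return table[address]
    labels = domain.split(".")
    for i in range(len(labels) - 1):          # domain.tld, then each parent domain
        key = ".".join(labels[i:])
        if key in table:
            return table[key]
    return table.get(localpart + "@")


def map_action(entry):
    """Translate an access-map right-hand side ('OK', 'REJECT text', ...) into a result."""
    if entry is None:
        return DUNNO
    action = entry.split()[0].upper()
    return PERMIT if action == "OK" else REJECT if action == "REJECT" else DUNNO


def evaluate(restrictions, client_ip, sender, recipient, access_map,
             mynetworks=MYNETWORKS, mydestination=MYDESTINATION):
    """Walk the list in order; the first PERMIT or REJECT ends evaluation.
    Returns (verdict, restriction that decided it)."""
    ip = ipaddress.ip_address(client_ip)
    rcpt_domain = recipient.rpartition("@")[2].lower()
    for rule in restrictions:
        name = rule.split()[0]
        if name == "permit_mynetworks":
            result = PERMIT if any(ip in ipaddress.ip_network(n) for n in mynetworks) else DUNNO
        elif name == "reject_unauth_destination":
            result = DUNNO if rcpt_domain in mydestination else REJECT
        elif name == "check_recipient_access":
            result = map_action(access_lookup(recipient, access_map))
        elif name == "check_sender_access":      # not in the posted config; for contrast
            result = map_action(access_lookup(sender, access_map))
        elif name == "permit":
            result = PERMIT
        else:
            result = DUNNO                      # RBL, HELO and sender-syntax checks not modelled
        if result != DUNNO:
            return result, rule
    return DUNNO, None


# Constructed cases mirroring the thread.
LAN_CLIENT, OUTSIDE_CLIENT = "192.168.1.50", "203.0.113.7"
LOCAL_USER = "someone@courtesymortgage.com"
SPAM_SENDER = "random@getv1agra.com"
MAP_WITH_AT = {"@getv1agra.com": "REJECT Your a spammer! Go away!"}
MAP_FIXED = {"getv1agra.com": "REJECT You're a spammer! Go away!"}


def lan_client_original_test():
    """The telnet test from the LAN: permit_mynetworks fires before the map is consulted."""
    return evaluate(POSTED_RESTRICTIONS, LAN_CLIENT, SPAM_SENDER, LOCAL_USER, MAP_FIXED)


def outside_client_recipient_check():
    """Outside client, fixed key, but the map is applied to the (local) recipient,
    so the sender's domain is never looked up and the mail reaches the final permit."""
    return evaluate(POSTED_RESTRICTIONS, OUTSIDE_CLIENT, SPAM_SENDER, LOCAL_USER, MAP_FIXED)


def outside_client_sender_check():
    """Same map applied with check_sender_access: the sender domain is rejected."""
    rules = [r.replace("check_recipient_access", "check_sender_access") for r in POSTED_RESTRICTIONS]
    return evaluate(rules, OUTSIDE_CLIENT, SPAM_SENDER, LOCAL_USER, MAP_FIXED)


def lan_client_sender_check_before_mynetworks():
    """Placing the sender check ahead of permit_mynetworks also catches a LAN client."""
    rules = ["reject_unauth_destination", "check_sender_access hash:/etc/postfix/maps/access",
             "permit_mynetworks", "permit"]
    return evaluate(rules, LAN_CLIENT, SPAM_SENDER, LOCAL_USER, MAP_FIXED)


if __name__ == "__main__":
    print("'@getv1agra.com' key matched:", access_lookup(SPAM_SENDER, MAP_WITH_AT))
    for case in (lan_client_original_test, outside_client_recipient_check,
                 outside_client_sender_check, lan_client_sender_check_before_mynetworks):
        print(f"{case.__name__:42} -> {case()}")
```

The model shows why the original test relayed: a client inside $mynetworks is permitted by the first restriction, and nothing after it is evaluated. It also shows that an '@domain' key is never looked up, and that check_recipient_access examines the RCPT TO address, so a map meant to block a sending domain needs check_sender_access (or a separate sender map) to have any effect.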