3. Postfix - where to setup the you are not me option?

Postfix - where to setup the you are not me option?

  • D

    Hey Everyone,

    I'm trying to stop e-mail spoofing our domain by using "you are not me" method following the instruction from the link below but with pfsense file structure. Everything works great until i do anything via the web gui and after a saved, the setting inside main.cf remove check_helo_access hash:/usr/local/etc/postfix/helo.access . Now every morning I'm getting an e-mail message from me sending to me, telling me about a job offer to work from home >:(.

    reference from: http://www.bowe.id.au/michael/isp/postfix-server.htm

    vi /usr/local/etc/postfix/helo.access

    ## Deny connections from people forging our hostnames
            mail.yourdomain.com         REJECT You are not me
            mail-mx.yourdomain.com REJECT You are not me

    mail.domain1.com                 REJECT You are not me
            mail.domain2.com                 REJECT You are not me
            mail.domain3.com                 REJECT You are not me

    postmap /usr/local/etc/postfix/helo.access

    vi /usr/local/etc/postfix/main.cf
            smtpd_helo_required = yes
            smtpd_helo_restrictions =
            permit_mynetworks,
            check_helo_access hash:/usr/local/etc/postfix/helo.access,
            # warn_if_reject,
            reject_invalid_helo_hostname,
            permit

    postfix reload

    0

  • All config is created by package gui. If you need to include a file hack, do it on postfix.inc

    Are you using latest version? did you configured helo acl?

    0
  • D

    Thanks for responding,

    I using 2.0.2-RELEASE, if it does make a different i can definitely update to the latest version.
    I did enable the Antispam -> Helo Hostname -> checked, but people in my office saying they're not getting e-mail from legitimate sender. I assume this must have block some host using outside e-mail server that doesn't match their dns record. Where is the helo acl area? is this part of the new release?

    Thanks again,

    0

  • @dimsion:

    Where is the helo acl area? is this part of the new release?

    Yes.  :)

    0
  • D

    Using the following version:
                2.0.3-RELEASE (amd64)
                built on Fri Apr 12 10:27:15 EDT 2013
                FreeBSD 8.1-RELEASE-p13

    I can't seem to get this working, i added my domain under services->postfix forwarder->access lists->helo

    /^mydomain.org/ REJECT

    Still, i'm getting e-mail send to me by me from an outsider source.

    Perhaps, i'm placing it in the wrong place? Any help would greatly appreciated.

    0

  • Many spams send a correct header but on mail change sender info on mail data.

    on my setup I do not use the ^ on helo info

    my domain restrictions are placed on  acls  helo and sender field

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy