[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Someone was able to hack my mail account



On Fri, 2009-12-11 at 11:57 +0000, Dave Cross wrote:
> 2009/12/10 kevin <kevin kevinslair com>:
> > Please if anyone knows how to stop this with postfix and amavisd-new please
> > let me know !!!
> >
> > I am clueless how someone outside $mynetworks was able to do it.
> 
> As others have said, it's just a spammer spoofing your email address.
> 
> See http://en.wikipedia.org/wiki/Joe_Job
> 
> You might also look at http://en.wikipedia.org/wiki/Sender_Policy_Framework


For Postfix in particular, try:

http://www.postfix.org/ADDRESS_VERIFICATION_README.html

Turning on sender verification is dangerous, in that you WILL get false
positives due to things like misconfigured clients.  You would need to
add something that caused it to only try sender verification for
addresses within your own domain. That will help, but it wouldn't take
the spammers long to figure out some addresses within your domain that
are valid and would get past this check. 

What is really needed to absolutely put a stop to this sort of thing is
two SMTP servers. One is used by your users who authenticate first and
then have a relatively filter-free server after that. The other can then
implement more strict access restrictions such as blocking anything that
claims to come from your own domain that is coming in from something not
in $mynetworks.

But this forum is a bit too general for detailed Postfix tutorials. You
will be better off asking on the Postfix list and checking the Postfix
web site where the real Postfix experts live. Proper spam filtering is
hard to get right.

--Greg



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]