Checking From inside the message

Andrei Brezan andrei693 at gmail.com
Mon Dec 22 10:11:08 CET 2014 

On 12/22/14 08:27, akrus wrote:
> Hi,
>
> Recently I've received an email with fake 'From' that had my local 
> domain inside. To correctly understand what's wrong there, here are 
> explanations:
> 1) my domain is 'flygroup.st'
> 2) external domain is 'external.org' (just an example)
>
> Sending similar email:
> [external.org] # telnet mail.flygroup.st 25
> HELO external.org
> 250 ...
> MAIL FROM: <test at external.org>
> 250 ...
> RCPT TO: <anyone at flygroup.st>
> 250 ...
> DATA
> Message-ID: <439095212 at external.org>
> From: Me <external.org at flygroup.st>
> To: <anyone at flygroup.st>
> Subject: test
> Date: Sun, 21 Dec 2014 13:34:14 -0700
> Content-Language: en-us
> x-virtual-mta: vmta1
> Content-Transfer-Encoding: 8bit
> Content-Type: text/plain; charset="UTF-8"
> Return-Path: test at external.org
> MIME-Version: 1.0
>
> test
> .
> 250 ...
>
> So such email gets delivered fine. And the problem is email client 
> shows this email as being sent from local domain (so it's possible to 
> put there local fake sender and people would think it's someone from 
> the company). I've been checking documentation for both postfix and 
> amavisd, also found some discussions on this, but no possible 
> solution. Could you point me in a right direction?
>
> Thanks in advance!
>

What I have in postfix so mitigate this is (check_sender_access is 
relecant here):

smtpd_sender_restrictions =
   check_sender_access regexp:/usr/local/etc/postfix/tag_as_originating.re,
   permit_sasl_authenticated,
   permit_mynetworks,
   check_client_access hash:/usr/local/etc/postfix/rbl_override,
   check_sender_access hash:/usr/local/etc/postfix/access_table,
   check_sender_access regexp:/usr/local/etc/postfix/tag_as_foreign.re

and in access_table:

domain1.com       REJECT You're not me!
domain2.com       REJECT You're not me!

This might break e-mails sent back to you from mailing lists, your own 
posts to the list if you use that feature. Also gmail suffers from this 
issue, you are not able to receive your own posts to mailing lists.

If there is a better solution for this I'm also interested.

-- 
Andrei

More information about the amavis-users mailing list