1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Urgent: Plesk 9.5.2 and postfix accepts mail without checks

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by Nikos Ioakeim, Jun 6, 2010.

  1. Nikos Ioakeim

    Nikos Ioakeim Guest

    0
     
    Hi to all,
    i have a very urgent matter that i need to resolve as soon as possible.

    I decided to revert my mail server to postfix to gain more flexibility for fighting spam. Instead i got a bigger problem now. Everything is working fine on submission port 587 but when it comes to port 25, anyone can send an email stating that is a local user, without even forging the envelope-from. In more detail, when a mail comes to the host claiming to be a local user that sends an email to a local user, the system must require an authentication. Instead it fails only if the mail is going to an outside domain.

    Is there a way to tell postfix that local users need to authenticate no matter where they send mail to?

    One last thing. I have many complaints from users, that they receive mail claiming to be by their mail but instead, it's a forgery of the envelope-from and header from:. The spammer sends email from a valid email, and then forges the From: and To: in the data part, so the users see the forged sender address.

    Is there any way to check using header_checks these 2 inputs to identify spam?

    Please Parallels this is a very urgent call.

    Thank you in advance

    PS: I could give out some ip's to check it out, but it would lead to greater problems.
     
  2. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
  3. fearz

    fearz Regular Pleskian

    25
    57%
    Joined:
    Feb 29, 2008
    Messages:
    170
    Likes Received:
    0
    User RBL checks

    RBL checks (zen.spamhaus.org) stopped the spam emails that shows it is coming from the own sender
     
  4. Red Paint

    Red Paint Basic Pleskian

    26
    23%
    Joined:
    Aug 19, 2009
    Messages:
    78
    Likes Received:
    1
    Hi Igor,

    Can you describe what these commands do (looks like remove folder and recreate?) and whether they can be run on a live server and if they will work on FreeBSD?

    Thanks
     
Loading...