Author Topic: Preventing Sending E-mails from Non-Existent Addresses: How to Verify Sender's E  (Read 2220 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
How to prevent sending e-mails from non-existent e-mail addresses? In other words, how should the sender's e-mail address be verified on the server before sending an e-mail, and then how should be followed to send it?

Offline
*
You are talking about email spoofing ?

Offline
*
Yes. When I look at the mail logo, non-existent mails on my server are constantly sending mail.
mail log:

cbpolicyd[3094]: module=Quotas, action=defer, host=185.208.23.255, helo=255.23.208.185.dynamic.electronicamartinez.es, from=ferdinand@he.com, to=ferdinand@he.com, reason=quota_match, policy=9, quota=6, limit=7, track=Sender:@he.com, counter=MessageCount, quota=51.66/50 (103.3%)

Offline
*
I think you need configure the SPF, DKIM and DMARC, also enable firewall and mod security.

Offline
*
Thank you for the answer. SPF, DKIM and DMARC are all active. also CSF and LFD firewall are up to date. However, the infiltration continues.

Offline
*****
Are you using postfix's postscreen, as well as having SpamAssassin in your mail chain?

Do you have something like this in your postfix main.cf? Note especially the "reject_unverified_sender" line:
Code: [Select]
smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        check_sender_access hash:/etc/postfix/sender_access,
        reject_unknown_sender_domain,
        warn_if_reject,
        reject_unverified_sender,
        permit

Offline
*
thank you for the answer. I don't have the "permit" part in the last line of the "smtpd_sender_restrictions" section. should i add? what does it do?

Code: [Select]
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_unknown_sender_domain,
    warn_if_reject,
    reject_unverified_sender

smtpd_recipient_restrictions =
check_policy_service inet:127.0.0.1:10031,
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net

Offline
*****
The trailing "permit" isn't necessary, strictly speaking, because there's an earlier "permit_mynetworks.". I just put it there because it makes it clear that whatever passes the earlier "check" and "reject" tests will be permitted.

FYI, you need an API key to use zen.spamhaus.org these days, so you need to obtain one and reconfigure that line. Right now it's not benefiting you at all. Here's a few suggested tweaks:
Code: [Select]
smtpd_recipient_restrictions =
permit_sasl_authenticated
permit_mynetworks
reject_invalid_hostname
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unknown_sender_domain
reject_unknown_recipient_domain
reject_unlisted_recipient
reject_unauth_destination
check_client_access hash:/etc/postfix/rbl_override
check_recipient_access regexp:/etc/postfix/recipient_checks
check_helo_access hash:/etc/postfix/helo_checks
check_sender_access hash:/etc/postfix/sender_checks
check_client_access hash:/etc/postfix/client_checks
reject_rbl_client cn.country.spameatingmonkey.net
reject_rbl_client kp.country.spameatingmonkey.net
reject_rbl_client ng.country.spameatingmonkey.net
reject_rbl_client ru.country.spameatingmonkey.net
reject_rbl_client dnsbl.sorbs.net
reject_rbl_client b.barracudacentral.org
reject_rbl_client bl.spamcop.net
reject_rhsbl_sender dsn.rfc-clueless.org

Offline
*
Thank you very much for these advanced settings. It will greatly relieve the incoming mailbox.