* [gentoo-user] [uOT] Thunderbird, Mozilla and HELO
From: Rasmus Andersen @ 2006-11-02 19:39 UTC
To: gentoo-user
Hi list,
I have a slightly offtopic question that I hope I can get help with
here. I have a home server, running an MTA for my domain. As of the last
month or so, I have experienced a huge increase in spam and spam
bounces. To combat this, I have upped my MTA's pickiness quite a bit but
would like to up it more. Specifically, I would like to reject mail
where sender says HELO jaquet.dk and/or where the Received line looks
like .*@jaquet.dk (my MTA's Received stamps are of the form
.*@mail.jaquet.dk). Spammers like to use these to 'fake' their way
through.
This brings me to the point, because it seems like Mozilla and
Thunderbird (my GF uses one, I use the other) grab the domain
information they use in their SMTP exchanges from the sender email address.
So, when my GF sends from work via their MTAs to my home server as
x@jaquet.dk, that mail will run afoul of this rule since the first
Received will look like
    Received: from jaquet.dk (XXXX)
        by mail.XXX.dk (Postfix) with ESMTP id 75FE532CD4C
    etc
even though her laptop at the point of sending isn't connected to my
network.
So, the question. Does anyone know how to fix this? I found a bugzilla
entry for this, https://bugzilla.mozilla.org/show_bug.cgi?id=68877,
with a final comment that this has been committed to tbird 0.6 and
mozilla 1.7 in 2005. I am running tbird 1.5.0.7 and still see this.
Any clues?
Thanks,
Rasmus
--
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] [uOT] Thunderbird, Mozilla and HELO
From: Jonathan Wright @ 2006-11-03 10:53 UTC
To: gentoo-user
Rasmus Andersen wrote:
> I have a slightly offtopic question that I hope I can get help with
> here. I have a home server, running an MTA for my domain. As of the last
> month or so, I have experienced a huge increase in spam and spam
> bounces. To combat this, I have upped my MTA's pickiness quite a bit but
> would like to up it more. Specifically, I would like to reject mail
> where sender says HELO jaquet.dk and/or where the Received line looks
> like .*@jaquet.dk (my MTA's Received stamps are of the form
> .*@mail.jaquet.dk). Spammers like to use these to 'fake' their way
> through.
I'm not sure about blocking a specific HELO request, but I added the
following configuration to my main.cf, and combined with postgrey, my
Spam dropped from 150 per day to around 50 per month:
# Set the server to reject any unauthorised e-mails and set what can
# and can't be sent or received by the server
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    reject_non_fqdn_hostname
    reject_invalid_hostname
    reject_rbl_client xbl-xbl.spamhaus.org
    reject_rbl_client bl.spamcop.net
    reject_rbl_client relays.ordb.org
    permit
smtpd_recipient_restrictions =
    permit_sasl_authenticated
    reject_non_fqdn_recipient
    reject_unauth_destination
    permit
smtpd_sender_restrictions =
    permit_sasl_authenticated
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unauth_destination
    # can't move from here as needs to know sender
    check_policy_service unix:private/postgrey
    permit
smtpd_data_restrictions =
    reject_multi_recipient_bounce
    permit
I've also added the following lines to prevent clients from trying
address after address in the same connection:
# Limit the number of addresses the remote server can
# send mail to, also adjusting the error calculation level
smtpd_recipient_limit = 3
smtpd_recipient_overshoot_limit = 1
That helped my server and account greatly with no (apparent) risk to
genuine mail either.
--
Jonathan Wright mail@djnauk.co.uk
http://djnauk.co.uk
cat /dev/random (you never know, you may see something you like!)
2.6.17-gentoo-r3-djnauk-b1 AMD Athlon(tm) XP 2100+
up 57 days, 17:24, 1 user, load average: 0.78, 0.63, 0.30
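
The two checks raised in the first message behave differently on relayed mail, because a HELO name is recorded only by the server the client connected to. The sketch below is an added example, not code from either poster: it compares a header-wide match with a check limited to the hop stamped by mail.jaquet.dk. The home network 192.0.2.0/24, the example.net hosts, the Postfix-style Received layout and both sample messages are assumptions constructed for illustration.

```python
import email
import ipaddress
import re

OWN_NAMES = {"jaquet.dk", "mail.jaquet.dk"}        # names only our own hosts may claim
OWN_MTA = "mail.jaquet.dk"                         # the name our MTA stamps after "by"
OWN_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed home network

# "from <helo> (<rdns> [<ip>]) by <mta>", the layout Postfix writes
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def forged_helo(helo, client_ip):
    """True when a client outside our networks claims one of our own names."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in OWN_NETS):
        return False
    return helo.lower().rstrip(".") in OWN_NAMES

def hops(raw):
    """Yield (helo, client_ip, stamping_mta) per Received header, newest first."""
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))    # undo header folding
        if m:
            yield m.group(1), m.group(2), m.group(3).lower()

def naive_rule(raw):
    """Header-wide match: reject if any hop at all says 'from <our name>'."""
    hit = any(helo.lower() in OWN_NAMES for helo, _, _ in hops(raw))
    return "reject" if hit else "accept"

def session_rule(raw):
    """Judge only the newest parseable hop, and only if our own MTA stamped it;
    older Received lines describe sessions with other servers (or are forged)."""
    first = next(hops(raw), None)
    if first and first[2] == OWN_MTA and forged_helo(first[0], first[1]):
        return "reject"
    return "accept"

# Constructed samples: a roaming laptop relaying via a work MTA, and a direct forger
ROAMING = ("Received: from mail.example.net (mail.example.net [198.51.100.7])\n"
           "\tby mail.jaquet.dk (Postfix) with ESMTP id 0000000001\n"
           "Received: from jaquet.dk (laptop.example.net [198.51.100.50])\n"
           "\tby mail.example.net (Postfix) with ESMTP id 0000000002\n\nhello\n")
SPAM = ("Received: from jaquet.dk (unknown [203.0.113.9])\n"
        "\tby mail.jaquet.dk (Postfix) with ESMTP id 0000000003\n\nbuy\n")
```

The header-wide rule rejects both samples, while the per-session rule rejects only the client that presented jaquet.dk directly to mail.jaquet.dk.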