[lug] Postfix/spam reality check question..

Chip Atkinson chip at pupman.com
Wed Dec 1 13:16:52 MST 2004 

Thanks for the reply. From the header, it doesn't look like it's
forwarded.  It's certainly not from an MTA/MUA that is friendly and above
board.  The weird thing is the "To:" is totally wrong.  That's why I
thought a message like this would have been rejected.

Return-Path: <mrbarton at ix.netcom.com>
X-Original-To: chip at pupman.com
Delivered-To: chip at pupman.com
X-Greylist: delayed 1690 seconds by postgrey-1.16 at poodle; Wed,
     01 Dec 2004 10:55:51 MST
Received: from mx8.bluewin.ch (mx8.bluewin.ch [195.186.4.211])
        by poodle.pupman.com (Postfix) with ESMTP id 23712F659
        for <chip at pupman.com>; Wed,  1 Dec 2004 10:55:51 -0700 (MST)
Received: from localhost (81.63.52.189) by mx8.bluewin.ch (Bluewin AG
7.0.030.2)
        id 41A198D8004EF949; Wed, 1 Dec 2004 17:27:35 +0000
From: <mrbarton at ix.netcom.com>
Reply-To: <mrbarton at ix.netcom.com>
X-Priority: 3 (Normal)
X-MailScanner: Found to be clean
Subject: Re: Hi, po  heres the document
To: <po at bluemail.ch>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="dGDWmEQjIJmigFBYYLvtAsSDIOvydonm"
Message-Id: <20041201175551.23712F659 at poodle.pupman.com>



On Wed, 1 Dec 2004, Lee Woodworth wrote:

> Chip Atkinson wrote:
> > Greetings,
> > 
> > Recently I installed postfix with SPF and postgrey greylisting.  Before I
> > got greylisting going, it seemed that postfix was rejecting messages where
> > the "From " was different from the "Helo" and "From:".
> I don't think the From_ (From with trailing space) is an SMTP or MIME 
> header. It's used in unix mailbox files to separate messages.
> > 
> > Is this the default/expected behavior for postfix with 
> > smtpd_recipient_restrictions =
> >     reject_unlisted_recipient
> >     reject_unknown_sender_domain
> >     reject_unauth_destination
>  From man 5 postconf, reject_unlisted_recipient and 
> reject_unauth_destination work against the RCPT TO command value. The 
> reject_unknown_sender_domain restriction uses the MAIL FROM command 
> value. Probably not the cause of the problem.
> 
> >     check_policy_service inet:127.0.0.1:10023
> >     check_policy_service unix:private/spf
> The spf service is sensitive to the EHLO/HELO and MAIL FROM command 
> values. Looking at the SPF related whitepaper at spf.pobox.com, it looks 
> like forwarded messages may be considered forgeries (since the 
> forwarding server isn't the original MTA that is authorized to send mail 
> for the MAIL FROM domain). Is it only forwarded mail that is improperly 
> rejected?
> > 
> > in main.cf?
> > 
> > Oh, check_policy_service inet:127.0.0.1:10023 is the greylist server.
> > 
> > Thanks in advance.
> > 
> > Chip
> > 
> > 
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>

More information about the LUG mailing list