This is a discussion on Joe Jobbing countermeasures within the mailing.postfix.users forums, part of the Mail Servers and Related category.
This is effective against joe jobs.

1) Turn on local_recipient_maps to reject mail for non-existent users (and relay_recipient_maps, if appropriate)
2) Set smtpd_error_sleep_time=0 in main.cf.
3) Set smtpd_timeout=10s in main.cf.
4) Add a header_checks regexp that triggers on bogus HELO hostnames in the Received: headers of bounced mail:

    /^Received:[[:space:]]*from[[:space:]]*porcupine.org/ reject forged helo

or whatever your domain name is.

This relies on the fact that spam/virusware sends the sender address's domain in the SMTP HELO/EHLO command. All my systems send "EHLO hostname.porcupine.org" so this pattern exposes forged mail.

Other sites might want to look at the IP address that is logged along with the HELO hostname in the Received: header. If it's not theirs, reject it.

Wietse
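The IP-address variant mentioned at the end of the post, sketched as an added example that is not part of the original post: it flags Received: hops whose HELO name claims the local domain while the logged client IP lies outside the site's own networks. The domain example.org, the networks, the sample headers and the function names are constructed placeholders, and the parser assumes Postfix-style "from HELO (rdns [ip])" Received: lines.

```python
import ipaddress
import re

# Assumed placeholders: the site's domain and the networks its own mail hosts use.
OUR_DOMAIN = "example.org"
OUR_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")]

# Postfix-style hop: "Received: from <helo> (<rdns> [<ip>])"; IPv6 is logged as [IPv6:...]
RECEIVED_RE = re.compile(
    r"^Received:\s*from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)",
    re.IGNORECASE,
)

# Constructed sample: three independent hops as they might appear in returned mail.
SAMPLE = (
    "Received: from mail.example.org (mail.example.org [192.0.2.25])\n"
    "\tby mx.example.net (Postfix) with ESMTP id 4A1B2C3D\n"
    "Received: from example.org (unknown [203.0.113.7])\n"
    "\tby mx.example.net (Postfix) with SMTP id 5E6F7A8B\n"
    "Received: from host.example.org (unknown [IPv6:2001:db8:99::5])\n"
    "\tby mx.example.net (Postfix) with ESMTP id 9C0D1E2F\n"
    "From: user@example.org\n"
)

def helo_is_ours(helo):
    """True if the HELO name is our domain or a host under it."""
    helo = helo.lower().rstrip(".")
    return helo == OUR_DOMAIN or helo.endswith("." + OUR_DOMAIN)

def forged_helo_hops(raw_headers):
    """Return (helo, ip) for each hop that claims our domain from a foreign IP."""
    # Join folded continuation lines so each header is one logical line.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers).splitlines()
    hits = []
    for line in unfolded:
        m = RECEIVED_RE.match(line)
        if not m or not helo_is_ours(m.group("helo")):
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # unparsable address: leave the decision to other checks
        if not any(ip in net for net in OUR_NETWORKS):
            hits.append((m.group("helo"), str(ip)))
    return hits
```

Unlike the plain header_checks pattern, this does not flag the site's own legitimate hops, which matters for sites whose outbound hosts do not all send a distinctive HELO name.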