[Postfix-br] Problemas com spam recebidos

Claudio Junior csjunior em gmail.com
Terça Abril 1 12:20:49 BRT 2014 

Ola pessoal

Estou tendo problemas com spam recebidos no qual no cliente do usuário
aparece que o email de origem é o mesmo email do usuário, isto é, o email
de origem é igual ao email de destino.

Hoje tenho no meu postfix as seguintes regras no main.conf:


smtpd_client_restrictions =
smtpd_helo_restrictions =

smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        check_sender_access hash:/etc/postfix/access,
        check_sender_access cidr:/etc/postfix/cidr_koreia_china_nets
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
#       warn_if_reject reject_unverified_sender,
        permit

smtpd_recipient_restrictions =
   permit_mynetworks
#   permit_sasl_authenticated
   reject_unauth_destination
   check_policy_service inet:127.0.0.1:60000
   check_policy_service unix:private/policy-spf
   reject_non_fqdn_sender
   reject_non_fqdn_recipient
   reject_unknown_recipient_domain
   reject_rbl_client bl.spamcop.net
   reject_rbl_client zen.spamhaus.org
   reject_rbl_client dnsbl.sorbs.net

No arquivo /etc/postfix/access tenho duas linhas com o um REJECT no meu
dominio (ou dominios).

O header do email que estou recebendo é:

Return-Path: <"www-data at mmnishida"@ig.com.br>
Delivered-To: wellington at xxxxxxxx.coop.br
Received: from localhost (localhost [127.0.0.1])
    by srv03xxxxxxxx.xxxxxxxx.com (Postfix) with ESMTP id F256C7FCA6
    for <wellington at xxxxxxxx.com>; Mon, 31 Mar 2014 01:50:10 -0300 (BRT)
X-Virus-Scanned: Debian amavisd-new at srv03xxxxxxxx.xxxxxxxx.coop.br
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char F3 hex):
    Subject: (URGENTE) Comprovante de Dep\363sito (66703)
Received: from mail.xxxxxxxx.coop.br ([127.0.0.1])
    by localhost (srv03xxxxxxxx.xxxxxxxx.coop.br [127.0.0.1]) (amavisd-new,
port 10024)
    with ESMTP id y6R8q59HOfXP for <wellington at xxxxxxxx.com>;
    Mon, 31 Mar 2014 01:50:05 -0300 (BRT)
X-Greylist: delayed 596 seconds by postgrey-1.32 at srv03xxxxxxxx; Mon, 31
Mar 2014 01:50:02 BRT
Received-SPF: None (no SPF record) identity=mailfrom;
client-ip=138.91.20.116; helo=npx11.npx11.m5.internal.cloudapp.net;
envelope-from=www-data at mmnishida@ig.com.br; receiver=wellington at xxxxxxxx.com

Received: from npx11.npx11.m5.internal.cloudapp.net (unknown
[138.91.20.116])
    by srv03xxxxxxxx.xxxxxxxx.com (Postfix) with ESMTP id 813A97FCA4
    for <wellington at xxxxxxxx.com>; Mon, 31 Mar 2014 01:50:02 -0300 (BRT)
Received: by npx11.npx11.m5.internal.cloudapp.net (Postfix, from userid 33)
    id C990B21B38; Mon, 31 Mar 2014 04:38:28 +0000 (UTC)
To: wellington at xxxxxxxx.com
Subject: (URGENTE) Comprovante de Depsito (66703)
X-PHP-Originating-Script: 0:wwew.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
X-Mailer: Microsoft Office Outlook, Build 17.551210
Content-Transfer-encoding: 8bit
From: wellington at xxxxxxxx.com
Reply-To: wellington at xxxxxxxx.com
X-Mailer: iGMail [www.ig.com.br]
X-Originating-Email: wellington at xxxxxxxx.com
X-Sender: wellington at xxxxxxxx.com
X-iGspam-global: Unsure, spamicity=0.570081 - pe=5.74e-01 - pf=0.574081 -
pg=0.574081
Message-Id: <20140331043828.C990B21B38 at npx11.npx11.m5.internal.cloudapp.net>
Date: Mon, 31 Mar 2014 04:38:28 +0000 (UTC)


Alguém sabe o que pode ser? Como é um ambiente de produção, esta difiicl
ficar fazendo testes. Preciso implementar uma configuração que barre este
tipo de emails.


--
Claudio da Silva Junior
csjunior at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/postfix-br/attachments/20140401/c9b48fb5/attachment.html>

More information about the Postfix-br mailing list