[Postfix-br] Problemas com spam recebidos
vic
vic em wa.pro.br
Quarta Abril 2 16:23:48 BRT 2014
Em 2014-04-01 12:20, Claudio Junior escreveu:
> Ola pessoal
>
> Estou tendo problemas com spam recebidos no qual no cliente do
> usuário aparece que o email de origem é o mesmo email do usuário,
> isto é, o email de origem é igual ao email de destino.
>
> Hoje tenho no meu postfix as seguintes regras no main.conf:
>
> smtpd_client_restrictions =
> smtpd_helo_restrictions =
>
> smtpd_sender_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> check_sender_access hash:/etc/postfix/access,
> check_sender_access
> cidr:/etc/postfix/cidr_koreia_china_nets
> reject_non_fqdn_sender,
> reject_unknown_sender_domain,
> # warn_if_reject reject_unverified_sender,
> permit
>
> smtpd_recipient_restrictions =
> permit_mynetworks
> # permit_sasl_authenticated
> reject_unauth_destination
> check_policy_service inet:127.0.0.1:60000 [1]
> check_policy_service unix:private/policy-spf
> reject_non_fqdn_sender
> reject_non_fqdn_recipient
> reject_unknown_recipient_domain
> reject_rbl_client bl.spamcop.net [2]
> reject_rbl_client zen.spamhaus.org [3]
> reject_rbl_client dnsbl.sorbs.net [4]
>
> No arquivo /etc/postfix/access tenho duas linhas com o um REJECT no
> meu dominio (ou dominios).
>
> O header do email que estou recebendo é:
>
> Return-Path: <"www-data at mmnishida"@ig.com.br [5]>
> Delivered-To: wellington at xxxxxxxx.coop.br
> Received: from localhost (localhost [127.0.0.1])
> by srv03xxxxxxxx.xxxxxxxx.com [6] (Postfix) with ESMTP id
> F256C7FCA6
> for <wellington at xxxxxxxx.com>; Mon, 31 Mar 2014 01:50:10 -0300
> (BRT)
> X-Virus-Scanned: Debian amavisd-new at srv03xxxxxxxx.xxxxxxxx.coop.br
> [7]
> X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char F3
> hex):
> Subject: (URGENTE) Comprovante de Dep363sito (66703)
> Received: from mail.xxxxxxxx.coop.br [8] ([127.0.0.1])
> by localhost (srv03xxxxxxxx.xxxxxxxx.coop.br [7] [127.0.0.1])
> (amavisd-new, port 10024)
> with ESMTP id y6R8q59HOfXP for <wellington at xxxxxxxx.com>;
> Mon, 31 Mar 2014 01:50:05 -0300 (BRT)
> X-Greylist: delayed 596 seconds by postgrey-1.32 at srv03xxxxxxxx;
> Mon, 31 Mar 2014 01:50:02 BRT
> Received-SPF: None (no SPF record) identity=mailfrom;
> client-ip=138.91.20.116; helo=npx11.npx11.m5.internal.cloudapp.net
> [9]; envelope-from=www-data at mmnishida@ig.com.br [5];
> receiver=wellington at xxxxxxxx.com
> Received: from npx11.npx11.m5.internal.cloudapp.net [9] (unknown
> [138.91.20.116])
> by srv03xxxxxxxx.xxxxxxxx.com [6] (Postfix) with ESMTP id
> 813A97FCA4
> for <wellington at xxxxxxxx.com>; Mon, 31 Mar 2014 01:50:02 -0300
> (BRT)
> Received: by npx11.npx11.m5.internal.cloudapp.net [9] (Postfix, from
> userid 33)
> id C990B21B38; Mon, 31 Mar 2014 04:38:28 +0000 (UTC)
> To: wellington at xxxxxxxx.com
> Subject: (URGENTE) Comprovante de Depsito (66703)
> X-PHP-Originating-Script: 0:wwew.php
> MIME-Version: 1.0
> Content-type: text/html; charset=iso-8859-1
> X-Mailer: Microsoft Office Outlook, Build 17.551210
> Content-Transfer-encoding: 8bit
> From: wellington at xxxxxxxx.com
> Reply-To: wellington at xxxxxxxx.com
> X-Mailer: iGMail [www.ig.com.br [10]]
> X-Originating-Email: wellington at xxxxxxxx.com
> X-Sender: wellington at xxxxxxxx.com
> X-iGspam-global: Unsure, spamicity=0.570081 - pe=5.74e-01 -
> pf=0.574081 - pg=0.574081
> Message-Id:
> <20140331043828.C990B21B38 at npx11.npx11.m5.internal.cloudapp.net>
> Date: Mon, 31 Mar 2014 04:38:28 +0000 (UTC)
>
> Alguém sabe o que pode ser? Como é um ambiente de produção, esta
> difiicl ficar fazendo testes. Preciso implementar uma configuração
> que barre este tipo de emails.
>
> --
> Claudio da Silva Junior
> csjunior at gmail.com
>
Configure SPF no(s) seu(s) domínio(s).
--
vic
choppnerd.com
donttrack.us | dontbubble.us
More information about the Postfix-br
mailing list