[Postfix-br] Problemas com spam com email origem igual ao destino

Márcio Merlone marcio.merlone em a1.ind.br
Quinta Novembro 27 10:16:53 BRST 2014 

Olá,

Estou com preguiça hoje, dá uma olhada nesta thread que já rolou aqui 
antes com o mesmo problema:

http://listas.softwarelivre.org/pipermail/postfix-br/2013-April/000707.html

Sds.

On 27-11-2014 10:06, Claudio Junior wrote:
> Ola pessoal
>
> Hoje voltamos a receber emails que entram na caixa postal do usuário 
> com a origem e destino igual ao e-mail do usuário.
>
> O que é possível fazer nestes tipos de email?
>
> Vi que o sistema de spam rotulou ele de forma correta. Vou procurar 
> fazer o devido tratamento ali, mas existe mais alguma coias a se 
> fazer? Gostaria de barrar estes emails para que não entrassem no servidor.
>
> Abaixo minhas smtpd restrictions:
>
> smtpd_data_restrictions = reject_unauth_pipelining
> smtpd_end_of_data_restrictions =
> smtpd_etrn_restrictions =
> smtpd_helo_restrictions =
> smtpd_recipient_restrictions = permit_mynetworks 
>  reject_unauth_destination       reject_non_fqdn_sender 
>  reject_non_fqdn_recipient reject_unknown_sender_domain 
>  reject_unknown_recipient_domain  reject_unauth_pipelining 
> reject_rbl_client bl.spamcop.net <http://bl.spamcop.net>       
>  reject_rbl_client zen.spamhaus.org <http://zen.spamhaus.org> 
>  reject_rbl_client dnsbl.sorbs.net <http://dnsbl.sorbs.net> 
> check_sender_access cidr:/etc/postfix/cidr_koreia_china_nets   
>  check_policy_service inet:127.0.0.1:60000 <http://127.0.0.1:60000> 
> check_policy_service unix:private/policy-spf
> smtpd_sender_restrictions =
>
>
> Abaixo o cabeçalho do email com as informações.
>
> Return-Path: <www-data at das27.cloudapp.net 
> <mailto:www-data at das27.cloudapp.net>>
> Delivered-To: wellington at XXXXXXXXX.com.br 
> <mailto:wellington at XXXXXXXXX.com.br>
> Received: from localhost (localhost [127.0.0.1])
>         by srv03.XXXXXXXXX.com <http://srv03.XXXXXXXXX.com> (Postfix) 
> with ESMTP id 8498B7FCA4
>         for <wellington at XXXXXXXXX.com>; Thu, 27 Nov 2014 04:29:52 
> -0200 (BRST)
> X-Virus-Scanned: Debian amavisd-new at srv03.XXXXXXXXX.com.br 
> <http://srv03.XXXXXXXXX.com.br>
> X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char E1 hex):
>         Subject: ...ue seu ( CPF / CNPJ ) est\341 em fase de pro[...]
> Received: from mail.XXXXXXXXX.com.br <http://mail.XXXXXXXXX.com.br> 
> ([127.0.0.1])
>         by localhost (srv03.XXXXXXXXX.com.br 
> <http://srv03.XXXXXXXXX.com.br> [127.0.0.1]) (amavisd-new, port 10024)
>         with ESMTP id NbQc8jsNO1X3 for <wellington at XXXXXXXXX.com>;
>         Thu, 27 Nov 2014 04:29:51 -0200 (BRST)
> X-Greylist: delayed 455 seconds by postgrey-1.32 at srv03; Thu, 27 Nov 
> 2014 04:29:46 BRST
> Received-SPF: None (no SPF record) identity=mailfrom; 
> client-ip=168.61.8.93; helo=das27.das27.d4.internal.cloudapp.net 
> <http://das27.das27.d4.internal.cloudapp.net>; 
> envelope-from=www-data at das27.cloudapp.net 
> <mailto:www-data at das27.cloudapp.net>; receiver=wellington at XXXXXXXXX.com
> Received: from das27.das27.d4.internal.cloudapp.net 
> <http://das27.das27.d4.internal.cloudapp.net> (unknown [168.61.8.93])
>         by srv03.XXXXXXXXX.com <http://srv03.XXXXXXXXX.com> (Postfix) 
> with ESMTP id 9C1287FCA2
>         for <wellington at XXXXXXXXX.com>; Thu, 27 Nov 2014 04:29:45 
> -0200 (BRST)
> Received: by das27.das27.d4.internal.cloudapp.net 
> <http://das27.das27.d4.internal.cloudapp.net> (Postfix, from userid 33)
>         id 9A36024582; Thu, 27 Nov 2014 06:18:43 +0000 (UTC)
> To: wellington at XXXXXXXXX.com
> Subject: Comunicamos que seu ( CPF / CNPJ ) est<E1> em fase de 
> protesto. (75753)
> X-PHP-Originating-Script: 0:imo30.php
> MIME-Version: 1.0
> Content-type: text/html; charset=iso-8859-1
> X-Mailer: Microsoft Office Outlook, Build 17.551210
> Content-Transfer-encoding: 8bit
> From: wellington at XXXXXXXXX.com
> Reply-To: wellington at XXXXXXXXX.com
> X-Mailer: iGMail [www.ig.com.br <http://www.ig.com.br>]
> X-Originating-Email: wellington at XXXXXXXXX.com
> X-Sender: wellington at XXXXXXXXX.com
> X-iGspam-global: Unsure, spamicity=0.570081 - pe=5.74e-01 - 
> pf=0.574081 - pg=0.574081
> Message-Id: 
> <20141127061843.9A36024582 at das27.das27.d4.internal.cloudapp.net 
> <mailto:20141127061843.9A36024582 at das27.das27.d4.internal.cloudapp.net>>
> Date: Thu, 27 Nov 2014 06:18:43 +0000 (UTC)
>
> Obrigado pela atenção
>
> --
> Claudio da Silva Junior
> csjunior at gmail.com <mailto:csjunior at gmail.com>
>
>
> _______________________________________________
> Postfix-br mailing list
> Postfix-br at listas.softwarelivre.org
> http://listas.softwarelivre.org/cgi-bin/mailman/listinfo/postfix-br

-- 
*Marcio Merlone*
TI - Administrador de redes

*A1 Engenharia - Unidade Corporativa*
Fone: 	+55 41 3616-3797
Cel: 	+55 41 9689-0036

http://www.a1.ind.br/ <http://www.a1.ind.br>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/postfix-br/attachments/20141127/20931be6/attachment.html>

More information about the Postfix-br mailing list