Jul 21 2007
 

OpenBSD 4.1's spamd(8) now includes default support for trapping SMTP clients using an envelope to: not listed in /etc/mail/spamd.alloweddomains.  If you only accept mail for example.com and example.org, put them in spamd.alloweddomains, and mail to: all other domains (relay attempts) is rejected and the host trapped.  Clean and effective.  Good job, Bob!

Parsing my logs, though, shows a lot of spam attempts using the envelope from: of my domains.  Email clients should use other acceptable means of submission/SMTP injection, including connecting with internal servers via VPN, where they’d never hit spamd.  If someone were using SMTP-after-POP, for example, they’d presumably get whitelisted and bypass spamd.

This patch against 4.1-STABLE is a quick copy-and-paste job (I’m not a C programmer), but it works for me.

So, if someone tries to send mail via my external spamd firewall, claiming to have an envelope from: of one of my domains, then I’m not going to accept the message and will trap the host.  It’s a virtual certainty you’re a spammer — if it’s from an actual user, then s/he needs to use another connectivity method.
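The check described above, sketched as an added example; it is not the linked patch or spamd's own code. The function name, the sample domain list and the rule that a listed domain also covers its subdomains are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample list standing in for /etc/mail/spamd.alloweddomains. */
static const char *const allowed_domains[] = { "example.com", "example.org", NULL };

/* Case-insensitive comparison of n bytes. */
static int
tail_eq(const char *a, const char *b, size_t n)
{
	while (n--)
		if (tolower((unsigned char)*a++) != tolower((unsigned char)*b++))
			return 0;
	return 1;
}

/*
 * Hypothetical helper, not spamd's own function: returns 1 when the envelope
 * sender claims one of our domains (the condition the post traps on).
 * Assumption: a listed domain also covers its subdomains.
 */
int
from_claims_local_domain(const char *mailfrom, const char *const *domains)
{
	const char *p, *end, *dom = NULL;
	size_t dlen, mlen;

	if (mailfrom == NULL)
		return 0;
	if (*mailfrom == '<')
		mailfrom++;
	/* Stop at '>' or whitespace so ESMTP parameters are ignored. */
	end = mailfrom + strcspn(mailfrom, "> \t\r\n");
	for (p = mailfrom; p < end; p++)
		if (*p == '@')
			dom = p + 1;	/* the domain follows the last '@' */
	if (dom == NULL)
		return 0;	/* null sender "<>" (bounces): never trap on from: */
	dlen = (size_t)(end - dom);
	for (; *domains != NULL; domains++) {
		mlen = strlen(*domains);
		if (mlen == 0 || mlen > dlen || !tail_eq(end - mlen, *domains, mlen))
			continue;
		/* Exact match, or suffix starting on a label boundary. */
		if (mlen == dlen || *(end - mlen - 1) == '.')
			return 1;
	}
	return 0;
}
```

The label-boundary test keeps a look-alike such as notexample.com from matching example.com, and the null sender is passed through so that bounces are not trapped by this rule.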

spamd_trap_from_alloweddomains1.txt
