Re: [courier-users] SPAM over SMTP
From: gerard5609 <ger...@gm...> - 2023-01-27 08:40:32
On 26/01/2023 17:31, Alexey Ivanov via courier-users wrote:
> Hi,
> Recently I have started to receive SPAM from mail.governorsperic.xyz

In this particular case, a simple SPF check would have stopped it.

dig governorsperic.xyz TXT +nocomments

; <<>> DiG 9.18.1-1ubuntu1.3-Ubuntu <<>> governorsperic.xyz TXT +nocomments
;; global options: +cmd
;governorsperic.xyz.            IN      TXT
governorsperic.xyz.     3589    IN      TXT     "v=spf1 -all"

dig mail.governorsperic.xyz TXT +nocomments

; <<>> DiG 9.18.1-1ubuntu1.3-Ubuntu <<>> mail.governorsperic.xyz TXT +nocomments
;; global options: +cmd
;mail.governorsperic.xyz.       IN      TXT
mail.governorsperic.xyz. 3600   IN      TXT     "v=spf1 -all"

AFAIK this means 'our domain is not intended to send mail'.

So your mail server could have answered quite rightfully to any MAIL FROM originating from mail.governorsperic.xyz with some 550 answer (rejected by policy). It's quite doable with Courier.

Now the next problem is phony domains provided by creepy registrars dealing with shady TLDs; these domains have quite normal SPF records and can't be filtered like that. AFAIK there are only 2 workarounds: either relying on RBL or banning whole TLDs.

There is a TLD spam index. Here it is:
https://www.spamhaus.org/statistics/tlds/

Gerard

> The problem is, that that MTA allows to smbd may be to the owner
> to send emails like from (in my case) my domain, which won’t work
> otherwise
> over IMAP. I have banned that domain in my local DNS, but it didn’t help.
> As commonly used by companies, mostly start-ups the domain name
> in the email and responsible MTA agent are not matching like in my case.
> One of the best examples is outlook.office365.com, which works for many
> domains not related to the given one.
> Maybe I was not clear…
> here an example:
> SMTP = smtp.office365.com
> EMAIL = na...@my...
> Obviously I don’t have control over smtp.office365.com
> But I don’t wish any one send me an email with address like:
> na...@my...
> because, that user is (maybe) non-existent and surely not authenticated.
> What is the best practice to do in such a case?
> Ban mail.governorsperic.xyz from sending me mails? But they can create
> another one like that. What if it will be smtp.office365.com ?
> I cannot ban it obviously w/o losing tons of emails.
> I wish that no one can send me emails from outside with my own domain,
> whatever server it might be!
> If they will be using other domain (not mine) I don’t have any chances
> to prove, whether it is valid mail address (domain) or not. At least
> it would be less confusing.
> P.S. I know, that field FROM — can contain anything, not even related
> to the origin domain.
> Thx
> --
> Alex