efa-project.org


https://forum.efa-project.org/

Rule based on secondary Mail Server

https://forum.efa-project.org/viewtopic.php?t=1731

Page 1 of 1

Rule based on secondary Mail Server

Posted: 06 Jul 2016 12:57
by nicola.piazzi
Hi
I watched at this project :
http://wiki.junkemailfilter.com/index.p ... ct_tarbaby
Basically they want to harvest spam watching mail thet was sent to your lowers mx records
I dont like to send my email to other people but I have a great idea from this to make a new powerful rule :

Suppose to have an efa server called MX.company.com at address 195.120.14.20, now we have this mx record :
@ MX 10 mx.company.com
mx A 195.120.14.20

Now we want to select mail that are intentionally sent to highest records using the same mailserver
@ MX 10 mx.company.com
@ MX 20 mxtar.company.com
mx A 195.120.14.20
mxtar A 195.120.14.20

So you see that mxtar.company.com point to the same EFA server ip address

Is there a way to find in the header that a mail was sent to 195.120.14.20 using resolution mxtar.company.com instead mx.company.com so to give it an extra penality score ?

Re: Rule based on secondary Mail Server

Posted: 06 Jul 2016 17:13
by pdwalker
I wouldn't want to do this myself, as having higher value MX records is important and necessary, especially if you do have multiple mail servers accepting your incoming mail, or a backup mail host.

However, if you wish to do this, it shouldn't be hard to set a rule to check for the domain.

I'm not at my computer, but tomorrow I'll create a spamassassin rule and test it for you.

Re: Rule based on secondary Mail Server

Posted: 07 Jul 2016 06:39
by nicola.piazzi
@ MX 10 mx.company.com
@ MX 20 mxtar.company.com
mx A 195.120.14.20
mxtar A 195.120.14.20

I have no evidence in the header if someone use mxtar to connect to efa !
I also have no evidence in the message log :(
I suppose that is because the client solve the name and point the ip address and i think there is no way to have an evidence of what name the client used to have the 'same' ip of mailserver

Re: Rule based on secondary Mail Server

Posted: 07 Jul 2016 08:13
by pdwalker
yep. you're right. the information is not there.

I have one mail gateway with three public ip addresses, but that information of the receiving ip address is not recorded in the headers, only the information defined in the postfix configuration files (myhostname).

So, to make what you want to do work, you would need more than one public ip, and a separate postfix process on every incoming ip address. Then you could distinguish which connection came from where by making sure the different postfix installations had different values for "myhostname" in the main.cf configuration file.

Other than having different efa installations, I'm not sure how that'd be set up and configured.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited