 Spammer bypassing honeypot MX record (Postfix mail server)
Author: H.Nienhuys   (2 Apr 14 5:53am)
My hosting ISP informed me of complaints of my server sending spam. Most likely the complainant was this project. This needs to be solved, otherwise I will have to retract my MX donation (so far good for 2 million emails) permanently.

All domain names are fictitious. I own the domain example.com. The MX record for "honeypot.example.com" was pointing to "trap.projecthoneypot.net".

Spammers send email addressed to "someone@honeypot.example.com" not to the honeypot server, but rather to my server. My mail server happily forwards the email to trap.projecthoneypot.net, which then flags my server as a spam sender.

I'm not an expert on Postfix configuration (mostly default settings of CentOS 6, plus an RBL) and googling for "project honeypot postfix configuration" did not give clear hints. Normally my postfix installation will not relay mail to foreign servers, but in this case it looks like it WILL relay to servers for mail addressed to the "honeypot.example.com" domain.

 
 Re: Spammer bypassing honeypot MX record (Postfix mail server)
Author: H.Nienhuys   (6 Apr 14 4:57am)
Update: I solved it. The Postfix configuration was:

myhostname = example.com
mydomain = example.com
mydestination = $myhostname, localhost.$mydomain, localhost

The honeypot domain was "honeypot.example.com" with MX "trap.projecthoneypot.net" as defined in the DNS configuration. By default, Postfix assumes that mail destinations as matched by $mydestination can be relayed. I hadn't realized that the $myhostname parameter would be interpreted as a domain wildcard match. So, Postfix would happily relay mail for "someone@honeypot.example.com" via the "trap.projecthoneypot.net" server. If I change $myhostname to mail.example.com, Postfix will no longer relay the honeypot mail, but unfortunately also not accept mail for legitimate_user@example.com.

Solution: add a configuration line to the Postfix configuration file:

relay_domains =

(Instead of the implicit default "relay_domains = $mydestination")

Post Edited (6 Apr 14 6:15am)
 
 Re: Spammer bypassing honeypot MX record (Postfix mail server)
Author: B.Coleman   (10 Apr 14 2:36pm)
Postconf also shows that there is a parent_domain_matches_subdomain setting, which by default includes relay_domains. This is probably the reason that your honeypot.example.com domain was being relayed. Another fix would be to set up an explicit parent_domain_matches_subdomain entry which does *not* include relay_domains.
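
The interaction described in the two posts above, as an added example that is not part of the thread and is not Postfix code: a simplified Python model of how the recipient domain is classified under the original settings and under each proposed fix. The function names, the `pdms` parameter and the assumption that outside clients are subject to reject_unauth_destination are illustrative.

```python
# Simplified model of Postfix 2.x recipient-domain handling for mail arriving
# from an outside client. Added illustration, not Postfix source code.

# $mydestination from the post, with $myhostname and $mydomain expanded.
MYDESTINATION = ["example.com", "localhost.example.com", "localhost"]


def list_match(domain, patterns, parent_matches_subdomain):
    """Match a domain against a Postfix-style domain list."""
    domain = domain.lower()
    for pat in (p.lower() for p in patterns):
        if domain == pat:
            return True
        if parent_matches_subdomain:
            # "example.com" also covers "anything.example.com".
            if domain.endswith("." + pat):
                return True
        elif pat.startswith(".") and domain.endswith(pat):
            # Otherwise subdomains need an explicit ".example.com" pattern.
            return True
    return False


def classify(domain, relay_domains=None, pdms=frozenset({"relay_domains"})):
    """Return 'local', 'relay' or 'reject' for a recipient domain.

    relay_domains=None models the implicit default (relay_domains =
    $mydestination). pdms models parent_domain_matches_subdomain; only the
    relay_domains member matters here. 'reject' assumes (hypothetically) that
    outside clients are subject to reject_unauth_destination.
    """
    if relay_domains is None:
        relay_domains = MYDESTINATION
    if list_match(domain, MYDESTINATION, "mydestination" in pdms):
        return "local"
    if list_match(domain, relay_domains, "relay_domains" in pdms):
        return "relay"  # forwarded to the domain's MX, here the trap
    return "reject"


if __name__ == "__main__":
    hp = "honeypot.example.com"
    print("default config      :", classify(hp))
    print("relay_domains =     :", classify(hp, relay_domains=[]))
    print("pdms w/o relay_doms :", classify(hp, pdms=frozenset()))
    print("legitimate domain   :", classify("example.com", relay_domains=[]))
```

On a real server, `postconf relay_domains parent_domain_matches_subdomain` shows the effective values to compare against this model.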


