Do you often receive email that appears to come from yourself, carrying a virus-infected attachment or a "mom needs phone credit" scam :P? If you use Gmail, Yahoo or Hotmail, they already filter this kind of email. This post is for those who run their own mail server, specifically those using Postfix.

Create the domain list in /etc/postfix/domain_list

jaranguda.com REJECT Blacklisted

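If you have more than one domain, list them one domain per line. The word Blacklisted is the error message returned to the sending client. The list is used as a hash: lookup table, so it has to be compiled with postmap after every change before Postfix can read it.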

Edit /etc/postfix/main.cf and change the smtpd_recipient_restrictions section so that it looks roughly like this:

# The sender check comes last, after the permit_* rules for authenticated users and local networks
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unauth_pipelining,
        reject_unauth_destination,
        reject_unknown_sender_domain,
        reject_unknown_address,
        reject_unknown_recipient_domain,
        check_sender_access hash:/etc/postfix/domain_list

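Put check_sender_access at the very bottom of the rules, so that permit_sasl_authenticated and permit_mynetworks have already let your own users through before the sender check runs.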

Restart Postfix

service postfix restart

Example log from a client trying to send a spoofed email

Resolving hostname...
Connecting...
SMTP -> FROM SERVER:
220 tuba.jaranguda.com ESMTP Postfix
SMTP -> FROM SERVER: 
250-tuba.jaranguda.com
250-PIPELINING
250-SIZE 130720000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: mamamintapulsa@jaranguda.com
SMTP -> FROM SERVER:
250 2.1.0 Ok
RCPT TO: mamamintapulsa@jaranguda.com
SMTP -> FROM SERVER:
554 5.7.1 <mamamintapulsa@jaranguda.com>: Sender address rejected: Blacklisted
SMTP -> ERROR: RCPT not accepted from server: 554 5.7.1 <mamamintapulsa@jaranguda.com>: Sender address rejected: Blacklisted
 
Message sending failed.

The mail server log shows an error like this

Mar 24 15:39:53 mail postfix/smtpd[4673]: NOQUEUE: reject: RCPT from xxxxx.com[xxx.xxx.23]: 554 5.7.1 <mamamintapulsa@jaranguda.com>: Sender address rejected: Blacklisted; from=<mamamintapulsa@jaranguda.com> to=<mamamintapulsa@jaranguda.com> proto=ESMTP helo=<xxxx.com>

This means the rule we created successfully blocks spoofed mail that claims to come from our own domain.
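
To see how often the rule fires and from where, the following added example (not part of the original post) parses reject lines in the log format shown above and counts blocked spoof attempts per client IP. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Matches the smtpd "NOQUEUE: reject" line format shown in the post.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) \S+ "
    r"<[^>]*>: Sender address rejected: (?P<reason>[^;]+); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def spoof_rejects(lines, own_domains, reason="Blacklisted"):
    """Return reject events where an outside client used one of our domains as sender."""
    own = {d.lower() for d in own_domains}
    events = []
    for line in lines:
        m = REJECT_RE.search(line)
        # Skip non-reject lines and rejects caused by other restrictions.
        if not m or m["reason"].strip() != reason:
            continue
        domain = m["sender"].rpartition("@")[2].lower()
        if domain in own:
            events.append(m.groupdict())
    return events

def top_sources(events):
    """Count rejected spoof attempts per client IP, most active first."""
    return Counter(e["ip"] for e in events).most_common()

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
Mar 24 15:39:53 mail postfix/smtpd[4673]: NOQUEUE: reject: RCPT from client1.example.net[192.0.2.10]: 554 5.7.1 <mamamintapulsa@jaranguda.com>: Sender address rejected: Blacklisted; from=<mamamintapulsa@jaranguda.com> to=<mamamintapulsa@jaranguda.com> proto=ESMTP helo=<client1.example.net>
Mar 24 15:40:02 mail postfix/smtpd[4673]: NOQUEUE: reject: RCPT from client1.example.net[192.0.2.10]: 554 5.7.1 <admin@JARANGUDA.com>: Sender address rejected: Blacklisted; from=<admin@JARANGUDA.com> to=<info@jaranguda.com> proto=ESMTP helo=<client1.example.net>
Mar 24 15:40:30 mail postfix/smtpd[4680]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <info@jaranguda.com>: Sender address rejected: Blacklisted; from=<info@jaranguda.com> to=<info@jaranguda.com> proto=SMTP helo=<mail>
Mar 24 15:41:10 mail postfix/smtpd[4681]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 4.1.8 <a@nonexistent.invalid>: Sender address rejected: Domain not found; from=<a@nonexistent.invalid> to=<info@jaranguda.com> proto=ESMTP helo=<x>
Mar 24 15:42:00 mail postfix/smtpd[4673]: connect from client1.example.net[192.0.2.10]
""".splitlines()

if __name__ == "__main__":
    for ip, count in top_sources(spoof_rejects(SAMPLE_LOG, ["jaranguda.com"])):
        print(f"{ip}\t{count}")
```
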
