postfix-users: Re: rejecting forged emails

From: Noel Jones <njones_at_nospam>
Date: Fri Apr 01 2011 - 18:17:26 GMT

On 4/1/2011 11:36 AM, Drizzt wrote:
> On 2011-04-01 11:22:04 (-0500), Vernon A. Fort wrote:
>> I'm trying to find a way to block/reject inbound messages forging our
>> internal email addresses. Meaning their inbound messages using MY email
>> address but they're not originating from my server.
>> I cannot seem to find the correct solution. Anyone.
>> Vernon
> With restriction classes you can drop this spoofing.
> Key is to first separate your own server(s) (e.g. by giving them an OK
> before this check). Afterwards if the sender-domain matches any of your
> domains it must be spoofing (as only external servers reach this check)
> and you can just reject it.

No need for a restriction class. Just blacklist your own
domain after permit_mynetworks, permit_sasl_authenticated.

Note: this may reject a small amount of legit mail.

a quick example:

smtpd_recipient_restrictions =
   permit_mynetworks
# NOTE: remove the next line if not using SASL
   permit_sasl_authenticated
   check_sender_access hash:/etc/postfix/sender_access
   ... other local checks ...

# sender_access
# replace with your own domain name
example.com   REJECT only authorized senders may use this address

remember to execute "postfix reload" after editing
remember to execute "postmap sender_access" after editing it.

   -- Noel Jones
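
The following is an added example, not part of the original post: a small Python model of the first-match evaluation order described above, run over constructed SMTP sessions to show which ones the sender_access entry rejects. The networks, addresses and the example.com domain are placeholder assumptions; the check keys on the envelope sender (MAIL FROM), not the From: header.

```python
import ipaddress

# Constructed sample values: placeholder networks and domain, not from the post.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
SENDER_ACCESS = {"example.com": "REJECT only authorized senders may use this address"}

def lookup_sender(sender, table):
    """Mimic the access(5) lookup order: full address, domain, parent domains.
    Parent-domain matching assumes smtpd_access_maps is listed in
    parent_domain_matches_subdomains (the Postfix default)."""
    sender = sender.lower()
    labels = sender.rpartition("@")[2].split(".")
    keys = [sender] + [".".join(labels[i:]) for i in range(len(labels))]
    for key in keys:
        if key in table:
            return table[key]
    return None

def evaluate(client_ip, sasl_user, mail_from):
    """Walk the restriction list top to bottom; the first decisive result wins."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS):
        return "OK permit_mynetworks"
    if sasl_user:
        return "OK permit_sasl_authenticated"
    action = lookup_sender(mail_from, SENDER_ACCESS)
    if action and action.startswith("REJECT"):
        return action
    return "DUNNO continue with other local checks"

# Constructed sessions: (client IP, SASL login or None, envelope sender, note)
SESSIONS = [
    ("192.0.2.10", None, "alice@example.com", "internal host"),
    ("198.51.100.7", "alice", "alice@example.com", "authenticated remote user"),
    ("203.0.113.5", None, "ceo@example.com", "outside host forging local sender"),
    ("203.0.113.5", None, "bob@example.org", "ordinary inbound mail"),
    ("203.0.113.5", None, "", "bounce with null sender"),
    # Legitimate but rejected: an outside service that sends on the domain's
    # behalf with a local envelope sender and no SASL login.
    ("198.51.100.20", None, "news@mail.example.com", "third-party sender"),
]

if __name__ == "__main__":
    for ip, user, sender, note in SESSIONS:
        print(f"{note:36} {sender or '<>':24} -> {evaluate(ip, user, sender)}")
```

The last session is one case of the legitimate mail the rule can reject; such senders need an OK entry or their own permit placed ahead of the check.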