On 4/1/2011 11:36 AM, Drizzt wrote:
> On 2011-04-01 11:22:04 (-0500), Vernon A. Fort <firstname.lastname@example.org> wrote:
>> I'm trying to find a way to block/reject inbound messages forging our
>> internal email addresses. Meaning their inbound messages using MY email
>> address but they're not originating from my server.
>> I cannot seem to find the correct solution. Anyone?
> With restriction classes you can drop this spoofing.
> Key is to first separate your own server(s) (e.g. by giving them an OK
> before this check). Afterwards if the sender-domain matches any of your
> domain it must be spoofing (as only external servers reach this check)
> and you can just reject it.
No need for a restriction class. Just blacklist your own
domain after permit_mynetworks, permit_sasl_authenticated.
Note: this may reject a small amount of legit mail.
A quick example:
# NOTE: remove the next line if not using SASL
... other local checks ...
# replace example.com with your own domain name
example.com REJECT only authorized senders may use this address
Remember to execute "postfix reload" after editing main.cf.
Remember to execute "postmap sender_access" after editing it.
-- Noel Jones
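
The setup described in this reply, written out as an added example (not part of Noel Jones's message). It assumes the checks live in smtpd_sender_restrictions and that the map is a hash table at /etc/postfix/sender_access; example.com stands for your own domain. check_sender_access matches the envelope sender (MAIL FROM), not the From: header.

```ini
# /etc/postfix/main.cf  (assumed path and restriction list)
# Order matters: trusted clients are accepted before the domain blacklist,
# so only unauthenticated outside clients ever reach check_sender_access.
# Remove permit_sasl_authenticated if not using SASL.
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/sender_access

# /etc/postfix/sender_access  (assumed path; this is a separate file)
# Replace example.com with your own domain name.
example.com    REJECT only authorized senders may use this address
```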