Hi all,

This is a really basic question, and this should probably be obvious, but I've been seeing spam/phishing come through that looks like this:

From MAILER-DAEMON Tue Dec 02 13:31:02 2025
Return-Path: <>
Delivered-To: [email protected] (an anonymized valid address, also postfix is fronting qmail here)
[...]
Received: (qmail 94203 invoked by uid 89); 2 Dec 2025 08:31:02 -0500
Date: 2 Dec 2025 08:31:02 -0500
Message-ID: <[email protected] <mailto:[email protected]>.com>
Delivered-To: [email protected]
Received: (qmail 94192 invoked by uid 0); 2 Dec 2025 08:31:02 -0500
Received: from vmmail.mydomain.com (HELO mx1.mydomain.com) (1.2.3.4)
  by mx1.mydomain.com with SMTP; 2 Dec 2025 08:31:02 -0500
Received: from [10.88.0.3] (166.161.185.35.bc.googleusercontent.com [35.185.161.166])
  by mx1.mydomain.com (Postfix) with ESMTP id C440C1FBCA5A
  for <[email protected]>; Tue, 2 Dec 2025 08:31:01 -0500 (EST)
Content-Type: multipart/related; boundary="===============8772321039767250689=="
MIME-Version: 1.0
From: "my domain.com authenticate account" <[email protected]>
To: [email protected]
Subject: =?utf-8?q?=E2=9A=A0=EF=B8=8F_Please_Verify_Your_Email_Address=3Atech=40mydomain=2Ecom?=

I've been running smaller email servers for some time, and at one point I feel like I had a decent grasp of the basics, but these days - I dunno... :) I feel like I get into some specific bits of something like Postfix (for example TLS stuff, postscreen, maps for virtual setups) and then the old basics just fall out the other side of my head.

Is the short answer that this is valid because if we didn't accept empty "mail from:" (envelope from), we'd never be accepting legitimate bounce/error messages?

If I want to prevent *my* users from doing this, is there a simple option?

Is it odd that Gmail lets this sort of thing out?

Thanks,
Charles
