From: [email protected]
[mailto:[email protected]] On Behalf Of Matt Hersant
Sent: Thursday, 21 May 2009 7:42 AM
To: [email protected]
Subject:
I'm having problems with spam for users who forge the sender to
appear as one of my domains. The spam is coming from an external mail
server. Is there anything I can add to my main.cf to combat this? Any
suggestions are appreciated.
smtpd_recipient_restrictions =
# allow password auth
permit_sasl_authenticated,
# allow local mail
permit_mynetworks,
# ease load on greylisting: drop wrong domains...
reject_unauth_destination,
# reject forged senders
reject_non_fqdn_sender,
# reject fake local senders
#check_sender_access /etc/postfix/local_host_names
...
# check RBL
reject_rbl_client sbl-xbl.spamhaus.org,
####
You might as well use zen.spamhaus.org instead of just sbl-xbl
If you're happy to block all email from external hosts that's purporting
to be from your senders, you can do a check_sender_access, which comes
after reject_unauth_destination. I'd put it after
reject_non_fqdn_sender, just to save the lookup. I see you have a
check_sender_access commented out already - perhaps your hash file was
wrong?
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
check_sender_access=hash:/etc/postfix/reject_fake_senders
Contents of reject_fake_senders:
#
yourdomain.example.com REJECT You are not sending from our network
yourdomain.example.gov.au REJECT
This won't work if you have senders relaying mail from external hosts
without authenticating, and it will break those subscription things that
use your recipient addresses as sender addresses (such as some online
"greeting cards" or newspaper notifications and the like). In our
domain, we don't care about rejecting such mail.
