On 2017-10-20 19:51:07 (+0200), Rick van Rein wrote:
I see a lot of spam entering that claims to have come from a local domain, usually guessing a non-existent account. I've been looking for a way to "reject_unverified_local_sender", by which I mean that the sender address is verified iff it occurs in virtual_alias_domains (and perhaps a few other lists).
Wouldn't it be a lot easier simply to reject those with SPF? If you're seeing mail from one of your domains coming in from a host you know couldn't have legitimately sent it, you can reject it outright.
If you don't want to use SPF, you could use a combination of a check_client_access to whitelist your hosts followed by a check_sender_access.
One way to go could be to create a database of sender domains to validate, enter my own domains in it, and use "external" access to my own MTA and probing it. But that leads to cyclic probing! I suppose I am really looking for something simpler -- namely an invocation of the virtual(8) server for addresses on the said lists.
Why bother validating the address?
I don't see how I can do this with Postfix, and it's not even simple in a policy due to the cyclic risk. What are others doing in this respect?
I use SPF. Philip -- Philip Paeps Senior Reality Engineer Ministry of Information