On Tue, 23 Apr 2019 at 18:35, Bill Cole < postfixlists-070...@billmail.scconsult.com> wrote:
> On 23 Apr 2019, at 11:46, John Peach wrote: > > > On 4/23/19 11:39 AM, Paul wrote: > >> Yes I agree with Kevin here, the best solution to this problem is an > >> spf record set to reject mail from any ip that’s not in your > >> allowed list of ips for your domain. Forging a from address is very > >> easy and is one of the main purposes of why spf was created. > > > > There is no need to go to those lengths - assuming that all your own > > email is being submitted over port 587, include -o > > receive_override_options=no_header_body_checks in the master.cf entry > > for submission and use a PCRE header checks file for port 25. > > > > /^From:.*\@example\.com/ REJECT > > > > So you don't want to accept messages you or anyone else in your domain > posts to a mailing list such as this one? > I'm quite happy with this in principle (though my actual regex is a little more complicated), but I am only maintaining a few domains for use within our organisation, and I am the only person using mailing lists. Most mailing lists (but not this one, alas, AFAIK) offer a setting to turn off resending of one's own postings back to oneself.
