On 23/04/2019 18:34, Bill Cole wrote:
On 23 Apr 2019, at 11:46, John Peach wrote:
On 4/23/19 11:39 AM, Paul wrote:
Yes I agree with Kevin here, the best solution to this problem is an
spf record set to reject mail from any ip that’s not in your allowed
list of ips for your domain. Forging a from address is very easy and
is one of the main purposes of why spf was created.
There is no need to go to those lengths - assuming that all your own
email is being submitted over port 587, include -o
receive_override_options=no_header_body_checks in the master.cf entry
for submission and use a PCRE header checks file for port 25.
/^From:.*\@example\.com/ REJECT
So you don't want to accept messages you or anyone else in your domain
posts to a mailing list such as this one?
Seems risky...
As per B. Reino's suggestion of header check white list, is there any
reason the following main.cf config should not be used ?
header_checks =
pcre:/etc/postfix/header_checks_pass
pcre:/etc/postfix/header_checks_fail
Best wishes,
Mick.
