On 18 Feb 2020, at 13:48, a <[email protected]> wrote:
> I looked around online to try to see examples to stop this but haven't found
> any yet. Maybe I'm missing something simple.
>
> My postfix server does allow incoming connections from the outside world to
> deliver mail to mailboxes on my server which is what I want. And it does
> restrict relaying from outside networks to other email addresses and that's
> how I need it to work. It's great postfix is set to do this by default.
> However, an outside network can still identify as a local email account to
> send into my network, making imposters possible.
Do not allow connections on port 25 that claim to be from your domains.
(I think this works still):
smtpd_helo_restrictions = reject_invalid_helo_hostname
check_helo_access pcre:/etc/postfix/helo_checks.pcre
permit
helo_checks.pcre:
/kreme\.com$/ REJECT helo Mail to AND from local domains not allowed from
external servers.
Or setup spf, which is what I’ve done.
--
It was long ago and it was far away / And it was so much better than
it is today
