Re: how to reject a spoofed "From: " address?

[Pete]

Hi,


> EMails with a spoofed "From: " address in the EMail header,
> matching my own domain?
AFAIR the only way to achieve that is a custom filter.

> match from any mail-fromfor any reject
> match mail-from for any reject
These just look at the MAIL FROM in the envelope.

how to reject a spoofed "From: " address?

[Harald Dunkel]

Hi folks,

AFAICS opensmtpd can reject EMails with a spoofed from address
in the envelope, as shown in smtpd.conf(5). But how can I reject
EMails with a spoofed "From: " address in the EMail header,
matching my own domain?

See below for smtpd.conf. EMails with a spoofed From addresses get
through via rule 8.


Every insightful comment is highly appreciated.
Harri
--
xname = "mail.example.de"

pki $xname cert "/etc/ssl/public/mail.example.de.chain.pem"
pki $xname key "/etc/ssl/private/smtpd.key.pem"
pki $xname dhe auto

listen on lo0   tls pki $xname
listen on internal  tls pki $xname
listen on external  tls pki $xname

table aliases db:/etc/mail/aliases.db

table trusted_mta { 10.1.0.11 10.1.0.22 }

table at_example{"@example.de", "@example.com", "@*.example.de", 
"@*.example.com"}
table example   {"example.de", "example.com", "*.example.de", 
"*.example.com"}

action "local"mbox alias 
action "relay_example"relay host smtp://mail.int.example.de helo 
"mail.example.de"
action "relay_external"   relay src { 10.0.0.1 2001:db8::::1 } helo 
"mail.example.de"

match from localfor local   action "local"
match from localfor domain   action 
"relay_example"
match from localfor any action 
"relay_external"

match from src   for domain   action 
"relay_example"
match from src   for any action 
"relay_external"

match from any mail-from  for any reject
match mail-from   for any reject
match from any  for domain   action 
"relay_example"

# the rest is rejected by default
match from any for any reject