Postfix: blocking people spoofing emails FROM my domain
I've configured postfix so that it's not operating as an open relay. It will only accept a RCPT TO: mydomain and it will accept any MAIL FROM: domain - so it can accept emails from external addresses.
However, someone is spoofing emails from my domain. So if the email is both to and from my domain it will be accepted.
How can I configure postfix to reject emails from my domain unless the user is SASL authenticated? (or the login comes from 127.0.0.1)
Thanks
6 Replies
I need a solution that will block this type of spoofed mail but I can't turn on full SPF fail blocks
My DNS record has the following: XXXnetwork.com. IN TXT "v=spf1 a mx a:sv1.XXXnetwork.com ip4:XXX.230.141.86 ip6:2600:3c02::f03c:91ff:fef1:XXX -all"
The XXX's are just redacted pieces, probably not even enough redaction for anonymity, but that is OK. This works perfectly. I lose no email of importance over the course of a year. Servers that don't use SPF ignore it but my spoofing is way down. Granted, due to the fact that some servers do not respect SPF there will be some spoofing, but minimizing greatly is helpful. Most MTAs will track your reputation based on IP, but if some see spam coming from a domain over and over they may list you as a poor performer. The advantage is that most of the major providers respect SPF and its ilk, and that is where the spammers target most (largest audience).
If you are going to go Neutral or Pass all and are not testing, you may as well not bother. It's almost always going to pass.
It's a small challenge to test in a live environment but see my suggestion below. Lower your domain's TTL so you can revert back quickly if you are unhappy.
(edit)Alternative(edit) Complementary methods: DKIM & DNSSEC.
SPF is the easiest remediation technique for what you describe, but you may, as time permits, build up your infrastructure.
There are many tools to test. I rather like this one:
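
Added example, not part of the reply above and not the tool it refers to: a small offline SPF evaluator showing how a record shaped like the one quoted in the reply treats an authorized and an unauthorized sending IP, and how the result changes with the qualifier on the final `all`. The domain, addresses and the `HOSTS` table standing in for DNS lookups of `a` and `mx` are constructed assumptions; mechanisms such as `include` are not modelled.

```python
import ipaddress

# Constructed record modelled on the one in the reply; the redacted parts are
# replaced with example.com and documentation-range addresses.
RECORD = "v=spf1 a mx a:sv1.example.com ip4:203.0.113.86 ip6:2001:db8::86 -all"

# Constructed stand-in for DNS: what the a / mx mechanisms would resolve to.
HOSTS = {"a": ["203.0.113.86"], "mx": ["203.0.113.86"],
         "a:sv1.example.com": ["203.0.113.86"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip, hosts=HOSTS):
    """Return the SPF result for client_ip; the first matching mechanism wins."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech = term.lower()
        if mech == "all":
            matched = True
        elif mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            matched = ip.version == net.version and ip in net
        elif mech in hosts:
            matched = any(ip == ipaddress.ip_address(h) for h in hosts[mech])
        else:
            continue  # mechanism not modelled in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"


def compare_endings(client_ip):
    """Result for the same sender under each possible qualifier on 'all'."""
    base = RECORD.rsplit(" ", 1)[0]
    return {q + "all": check_spf(f"{base} {q}all", client_ip) for q in "-~?+"}


if __name__ == "__main__":
    for sender in ("203.0.113.86", "198.51.100.7"):  # listed vs. unlisted IP
        print(sender, compare_endings(sender))
```

For the unlisted address only `-all` yields `fail` and `~all` yields `softfail`; `?all` and `+all` return `neutral` and `pass`, neither of which gives a receiving server grounds to reject the message.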