Hello,

Spammers often send (forged) mail where "mail from" address is the same as "rcpt to" address. An extension of that could be using a "mail from" address where src domain is one of our valid virtual domains.

I can only think of 3 cases:

1) Src IP is 127.0.0.1 -> Mail should pass (eg: sent by webmail, installed on the same MTA host).
2) Authenticated sender -> Legit users authenticated by SASL -> Should pass
3) All the rest -> Should be rejected (SPAM)

(assuming a simple single-MTA config, where MX -receiving mail server- is the same as MTA -outbound sending mail server-)

Which is the best/preferred Postfix config to filter out that kind of spam?

I have all my valid domains in:

    virtual_mailbox_domains = hash:/etc/postfix/vdomain

The current format of /etc/postfix/vdomain is:

    domain1 whatever
    domain2 whatever

So perhaps I could do something like:

    smtpd_sender_restrictions =
    smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, XXXXX, permit

where XXXXX could be some kind of "check_sender_access" clause, rejecting domains listed in $virtual_mailbox_domains. How could I implement this? Is there any other preferred solution?

Another idea could be setting a SPF record for my domains and then some kind of SPF checks (how could I do that?). I know it is a must but I'd prefer to leave the SPF setup for the next stage (I'd like to deeply review all pros/cons, ~all vs ?all, etc).

Cheers,
-Roman
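
One way to get the three cases above from stock Postfix restrictions, as an added example that is not part of the original post: the vdomain file cannot be passed to check_sender_access directly, because its right-hand side ("whatever") is not an access(5) action, so a separate map is derived from it. The map path /etc/postfix/local_sender_reject and the function name are assumptions.

```shell
#!/bin/sh
# Added example: derive a check_sender_access map from the vdomain file.
# Assumed (hypothetical) map path: /etc/postfix/local_sender_reject
#
# main.cf (standard Postfix restriction names; only the map path is assumed):
#   smtpd_sender_restrictions =
#       permit_mynetworks,
#       permit_sasl_authenticated,
#       check_sender_access hash:/etc/postfix/local_sender_reject
#
# Case 1 (127.0.0.1) is covered by permit_mynetworks, case 2 by
# permit_sasl_authenticated, case 3 by the REJECT entries in the map.
# A permit here only ends the sender list; smtpd_recipient_restrictions
# (reject_unauth_destination) is still evaluated afterwards.

# Read "domain whatever" lines on stdin, write "domain REJECT text" lines.
vdomain_to_sender_access() {
    awk '
        /^[ \t]*#/ { next }    # comment line
        NF == 0    { next }    # blank line
        /^[ \t]/   { next }    # leading whitespace continues the previous entry
        {
            d = tolower($1)    # Postfix folds lookup keys to lowercase
            if (!(d in seen)) {
                seen[d] = 1
                print d " REJECT Sender domain is local, authenticate to send"
            }
        }'
}

# Constructed sample in the format shown in the post:
printf 'domain1 whatever\ndomain2 whatever\n' | vdomain_to_sender_access

# On the MTA host (not run here):
#   vdomain_to_sender_access < /etc/postfix/vdomain > /etc/postfix/local_sender_reject
#   postmap /etc/postfix/local_sender_reject && postfix reload
```

Mail that an external server forwards back unchanged (a forwarder or mailing list that keeps the original envelope sender) arrives with a local sender domain from an unauthenticated client and is rejected by this map as well.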