> -----Original Message----- > From: owner-postfix-us...@postfix.org > [mailto:owner-postfix-us...@postfix.org] On Behalf Of itsramesh_s > Sent: Friday, 6 February 2009 4:25 PM > To: postfix-users@postfix.org > Subject: Sender-Recipient forged mail > > > Hi, > > I have configured postfix postfix-2.4.5-2.fc8. all mail user are > getting forged mails as sender and recipient are same. we have > secondary mx i am sending both postconf output, > > Please help me to stop forged mail. > > Postconf -n of primary MTA > > smtpd_recipient_restrictions = permit_sasl_authenticated, > permit_mynetworks, reject_unauth_pipelining, > reject_unknown_recipient_domain, reject_non_fqdn_sender, > reject_unauth_destination
You could do with a whole lot more smtpd restrictions, such as reject_non_fqdn_recipient, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname (or reject_unknown_client_hostname, but this tends to give a lot of false positives due to admins who can't configure DNS properly, unfortunately). If all your senders are sending from hosts in mynetworks, then the easiest method is to do "check_sender_access hash:/etc/postfix/sender_access" after reject_unauth_destination (and permit_mynetworks, of course), where /etc/postfix/sender_access is as follows: mydomain.com REJECT Mail from our senders must come from our hosts
