OK.. How about this one:
I have had good luck blocking SPAM email which has a MAIL FROM: address in my own domain, by blocking all email from my domain in an access map on 'smtpd_sender_restrictions', and then listing 'permit_mynetworks' and 'permit_sasl_authenticated' first.
I call this 'domain restriction' because it allows you to restrict email that purports to be from your domain, but was not sent via an authorized source - a host on your network, or a user which logged in via SMTP AUTH.
Now Im seeing SPAM that has a 'From:' header address at my own domain, but the MAIL FROM: is different. It gets in the perimeter, and then my anti-spam software whitelists it, because my domain is on the whitelist!
Does anyone know of a similar trick to somehow block all email with a From: address from a particular domain, but let through anything that comes from your own network, or email that was sent via SMTP AUTH?
I use header_checks, but dont know a way to do this.
