Jon a écrit : > Wietse Venema wrote: >> James D. Parra: >>> Hello, >>> >>> How can I drop external messages with a return address from our domain? >> >> Something like this will reject "local" senders from outside >> "mynetworks". >> >> > > I'm glad this question came up, I too am getting from=<m...@mydom> > to=<m...@mydom> hits lately and appreciate the example. >
make sure to use zen.spamhaus.org. > Expanding on James question: > > If I set one postfix box as MX for inbound and another independent > computer handles my outbound, are there obvious scenarios where "local" > senders outside "mynetworks" might disrupt legitimate bounces, or NDR's, > or... insert featureName... which I might need to be careful of? > > This is assuming no traveling users would use my MX box as a relay of > any sort. One problem would be if a user of yours has an external account with a .forward. an example being simpler than a long literature, here is one: - j...@example.com has an account at j...@university.example - b...@example.com sends mail to j...@univeristy.example - the latter is forwarded to the internal account: j...@example.com - now your system gets mail for j...@example.com, sent via a relay of university.example, with a sender of "b...@example.com". that said, such situations should not occur as often as they used to. one way to go about this is to inform your users that you'll be blocking such mail, except if they tell you which forwarding's they have, in which case, you can check and possibly whitelist the forwarder.
