Hi,
I'm trying to understand how to reject mail not within my domain
claiming it's from my domain. I understand body_checks can be used
to block mail "From:" my domain, and check_sender_access can be used
to block "MAIL FROM" my domain, but don't understand the
implications of doing that.
I have postfix set up on a mail relay which accepts mail from the
Internet and forwards to an internal Exchange server. This Exchange
server is the only server responsible for outbound mail.
There are no mobile users, but on occasion mail is sent from bulk
mailers as being "From:" our domain. I'm concerned that by
implementing body_checks or a sender map could reject these emails.
Do these bulk mailers generally have a common setup where they can
be configured to use smtp-auth for this?
I'm hoping someone can provide some general guidance on how to
configure my system to permit trusted senders to use our domain
while spammers trying to use "From:" our domain are rejected.
Is this type of spoofing generally a concern? Is typically SPF the
best approach?
Thanks,
Alex
Use SPF to limit forgery by outside parties. This restricts use of
the envelope sender, not the From: header. Note this may affect
your recipients' ability to forward your mail elsewhere.
Generally, you should ignore the contents of the From: header as a
spam indicator. For example, this email says it's from me, but it's
really from the postfix-users list.
If you want to be strict about it, you can use a content filter such
as SpamAssassin and add a little bit to the score based on the From:
header, but it would be unwise to reject mail only because the From:
header contains your domain. For example, you would never receive
your own posts to this list.
Note that sometimes mail arrives with a bare username in the From:
header. Some configurations of postfix may add "@$myorigin" to the
bare name. To prevent this, on your gateway set main.cf
remote_header_rewrite_domain = domain.invalid
http://www.postfix.org/ADDRESS_REWRITING_README.html#william
Thanks so much for your help. That brings together the individual
pieces. Now I can ask more specific questions.
Thanks,
Alex
