Hi,

>> I'm trying to configure postfix-3.0.2 to reject mail trying to spoof
>> my domain in the envelope FROM address without rejecting my own
>> domain, and I'm doing something wrong.
>
> Typically this is done something like:
> smtpd_sender_restrictions =
>   permit_mynetworks
>   check_sender_access hash:/path/to/reject_my_domain

The combination of your suggestions, and probably most specifically the
permit_mynetworks, is what appears to have fixed it.

This originated with me trying to have a better understanding of SPF.
check_sender_access consults $mynetworks to determine which servers can
send mail as my domain. How does this relate to entries in my SPF record
for servers that may be sending mail to users in my domain? I would think
it would be necessary to list them in $mynetworks, however, I don't want
to inherit whatever other problems come with other things happening on
those IPs.

I was in the process of setting up SPF, but ran into some stability
problems with the pyspf application.

>> relay_domains = $transport_maps, example.com, cs.example.com, example.com
>
> *DANGER*
> Be aware that adding $transport_maps to relay_domains is unwise.
> You become an open relay for any destination listed in
> $transport_maps, which becomes a problem if you add a custom
> transport for hotmail, gmail, etc.

I currently only have a few transports to route mail from certain
sub-domains to other systems:

  mail01.example.com    local:
  site1.example.com     smtp:[66.XXX.YYY.100]

Is it necessary in this case to have $transport_maps as part of
relay_domains?

Thanks so much,
Alex
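
Added example, not part of the original thread and not either poster's actual configuration: the restriction order and relay_domains setting discussed above, written out as one annotated fragment. The main.cf location, the REJECT text and the reduced relay_domains list are assumptions; the map path and domain names are the ones quoted in the thread.

```conf
# ---- /etc/postfix/main.cf (location assumed) ----

# Restrictions are evaluated in the order listed; the first one that
# returns a decisive result (OK or REJECT) ends the evaluation.
# permit_mynetworks returns OK for clients inside $mynetworks, so the
# sender map below is only consulted for clients outside $mynetworks.
smtpd_sender_restrictions =
    permit_mynetworks
    check_sender_access hash:/path/to/reject_my_domain

# Weak setting quoted in the thread: every lookup key in transport_maps
# also becomes a destination this server will relay to.
#relay_domains = $transport_maps, example.com, cs.example.com, example.com

# Tighter setting (assumed list): name the relayed domains explicitly.
# transport_maps still selects the delivery method and next hop for
# site1.example.com; it only stops authorizing relay by itself. Add any
# relayed domain here that this list does not already cover.
relay_domains = example.com, cs.example.com

# ---- /path/to/reject_my_domain (source file for the hash: map) ----
# Left column: envelope sender domain. Right column: action.
# The text after REJECT is constructed for this example.
example.com     REJECT Sender domain not accepted from this client

# ---- after editing ----
# Build the indexed map, query it, then reload Postfix:
#   postmap /path/to/reject_my_domain
#   postmap -q example.com hash:/path/to/reject_my_domain
#   postfix reload
```

With this order, a host outside $mynetworks that uses an example.com envelope sender reaches the map and is rejected, whether or not an SPF record lists it.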