On Mon, 13 Aug 2018 at 12:20, @lbutlr <krem...@kreme.com> wrote: > On 12 Aug 2018, at 17:29, Stuart Longland <stua...@longlandclan.id.au> > wrote: > > We have a problem where some smart-arse spammers/phishers are spoofing > > the From address, specifying our domain as their from address. In one > > case, the person in question uses my personal address in the From, To > > and Return-Path. In others, they pretend to be a scanner sending a > > supposedly "scanned document". > > Don’t accept mail from local users coming from a foreign server? > > That’s what I do. >
Can that work for the mail address in the header.from? Is it possible to have different header_checks depending on whether or not the mail is authenticated/local or not (I know this is possible for smtpd_restrictions_lists) e.g. like this - assuming all 'outgoing' mail is either authenticated or local: /etc/postfix/master.cf: smtp inet n - y - - smtpd -o header_checks=$header_checks_wild /etc/postfix/main.cf: # default for emails coming in on ports other than 25, or via pickup: header_checks = # but for emails arriving via port 25: header_checks_wild = pcre:/etc/postfix/check_headers_wild.pcre
