On Fri, 16 Nov 2018 at 13:20, Francesc Peñalvez <naz...@almogavers.net> wrote: > > Lately we are receiving spam mails that apparently the mail from the and > the to is the same. How is it possible to avoid this?. I have configured > postfix to avoid the relay of emails and to be able to send mail through > my postfix is necessary the auth , these emails are sent externally from > several ips and seeing the logs of those emails are not authenticated
SpamAssassin 3.4.2 has the FromNameSpoof Plugin which should help. You can also write your own header_checks test like this (which is broader than your use case): if /^From:/ # emails from our domains and some others are not subject to restrictions here /((mydomain1\.tld|mydomain2\.tld)>?\s*$/ DUNNO # but try to block emails that pretend to be from us # (a) e.g. From: domi...@mydomain1.tld <s...@fakesender.tld> /^(.*mydomain1\.tld"? <.*)$/ REJECT From header impersonation type 1 # (b) e.g. From: Dominic Raferd <s...@fakesender.tld> if /^From: ?(Mr?s? )?(D(ominic)?.*Raferd)/ # but allow some exceptions... e.g. apple, launchpad !/(@bugs\.launchpad\.net|noreply@email\.apple\.com)>?\s*$/ REJECT From header impersonation type 2 endif
