Benny Pedersen:
> On 2021-10-25 07:11, Thomas Anderson wrote:
> > The IP it came from was outside my network.
>
> you can reject all evevelope senders if its claims its your domain in
> port 25, you will never send it there, never as never, spf is just a
> global world protection not needed for postfix to make thar policy
# Disallow sen...@example.com (and subdomains) from strangers.
main.cf:
smtpd_sender_restrictions =
inline:{{ example.com = permit_mynetworks, reject }}
# Allow from authenticated mail user agents.
master.cf:
submission ...
-o smtpd_sender_restrictions=
...
smtps ...
-o smtpd_sender_restrictions=
...
It's not the default because historically, some mailing lists did
not reset the envelope sender, and your postings to such a list
could have your own envelope sender address.
Wietse
