Thomas Cameron skrev den 2023-07-17 17:54:
On 7/16/23 17:57, Benny Pedersen wrote:
back to basic:
why accept local envelope SENDER domains on port 25 ?
its safe to reject them
its not a question on spf or stupid srs rewrites
That's actually a great point. So you're saying to tell sendmail to
reject emails purporting to come from me if they come from another
mail server?
Got a pointer to documentation on how to do that? I'm all ears.
sorry using postfix here, but same can be done with sendmail, i just
don't know how :)
in postfix i have postgresql data for virtual_mailbox_maps so it knows
with mail to accept
if this is used to check forged senders in port 25 you can safely reject
this forged senders
remember to use virtual_alias_maps aswell so it does not accept anything
local on port 25 as envelope sender, should be rejected if its known
local recipient
this is same as just use spf, but in postfix its done without using spf,
if spf have include: it unsafe to reject based on spf
with postfix maps its safe
sorry no guides from me, if you can change from sendmail to postfix
please do, so there will be more help to solve it
