How to prevent remote hosts from delivering mail to Postfix with spoofed From header?
Posted by Hongli Lai on Server Fault
Published on 2011-10-13T11:02:52Z
Indexed on 2012/07/04 21:18 UTC
I have a host, let's call it foo.com, on which I'm running Postfix on Debian. Postfix is currently configured to do these things:
- All mail with @foo.com as recipient is handled by this Postfix server. It forwards all such mail to my Gmail account. The firewall thus allows port 25.
- All mail with another domain as recipient is rejected.
- SPF records have been set up for the foo.com domain, saying that foo.com is the sole origin of all mail from @foo.com.
- Applications running on foo.com can connect to localhost:25 to deliver mail, with [email protected] as sender.
However, I recently noticed that some spammers are able to send spam to me while passing the SPF checks. Upon further inspection, it looks like they connect to my Postfix server and then say:

    HELO bar.com
    MAIL FROM:<[email protected]>    <---- this!
    RCPT TO:<[email protected]>
    DATA
    From: "Buy Viagra" <[email protected]>    <--- and this!
    ...

How do I prevent this? I only want applications running on localhost to be able to say MAIL FROM:<[email protected]>. Here's my current config (main.cf): https://gist.github.com/1283647
© Server Fault or respective owner
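
One way to express the rule asked for above, as an added example that is not part of the original post: the decision logic of a Postfix policy service (the name=value protocol used by `check_policy_service`) that defers on everything except an @foo.com envelope sender arriving from a non-loopback client. The sample addresses are constructed, and treating only loopback clients as trusted is an assumption.

```python
import ipaddress
import sys

PROTECTED_DOMAIN = "foo.com"  # domain named in the question
# Assumption: "applications running on localhost" means loopback clients only.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def is_trusted(client_address):
    try:
        addr = ipaddress.ip_address(client_address)
    except ValueError:
        return False  # missing or unparseable address is never trusted
    return any(addr in net for net in TRUSTED_NETS)

def decide(attrs):
    """Return the access action for one request."""
    _, at, domain = attrs.get("sender", "").rpartition("@")
    if not at or domain.lower().rstrip(".") != PROTECTED_DOMAIN:
        return "DUNNO"  # null sender or other domain: leave to later rules
    if is_trusted(attrs.get("client_address", "")):
        return "DUNNO"  # local application sending as @foo.com
    return "REJECT " + PROTECTED_DOMAIN + " senders must submit from localhost"

def respond(request_text):
    return "action=" + decide(parse_request(request_text)) + "\n\n"

# Constructed sample request mirroring the session in the question.
SPOOFED = ("request=smtpd_access_policy\nprotocol_state=RCPT\nhelo_name=bar.com\n"
           "client_address=203.0.113.7\nsender=app@foo.com\nrecipient=me@foo.com\n\n")

if __name__ == "__main__":  # stdin/stdout loop, e.g. under Postfix spawn(8)
    buf = []
    for line in sys.stdin:
        buf.append(line)
        if line == "\n":
            sys.stdout.write(respond("".join(buf)))
            sys.stdout.flush()
            buf = []
```

Policy delegation sees only the envelope (MAIL FROM), so the From: header sent inside DATA is outside what this check covers.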