How to prevent remote hosts from delivering mail to Postfix with spoofed From header?

Posted by Hongli Lai on Server Fault See other posts from Server Fault or by Hongli Lai
Published on 2011-10-13T11:02:52Z Indexed on 2012/07/04 21:18 UTC
Read the original article Hit count: 319

Filed under:
|

I have a host, let's call it foo.com, on which I'm running Postfix on Debian. Postfix is currently configured to do these things:

  1. All mail with @foo.com as recipient is handled by this Postfix server. It forwards all such mail to my Gmail account. The firewall thus allows port 25.
  2. All mail with another domain as recipient is rejected.
  3. SPF records have been set up for the foo.com domain, saying that foo.com is the sole origin of all mail from @foo.com.
  4. Applications running on foo.com can connect to localhost:25 to deliver mail, with [email protected] as sender.

However I recently noticed that some spammers are able to send spam to me while passing the SPF checks. Upon further inspection, it looks like they connect to my Postfix server and then say

HELO bar.com
MAIL FROM:<[email protected]>     <---- this!
RCPT TO:<[email protected]>
DATA
From: "Buy Viagra" <[email protected]>   <--- and this!
...

How do I prevent this? I only want applications running on localhost to be able to say MAIL FROM:<[email protected]>. Here's my current config (main.cf): https://gist.github.com/1283647

© Server Fault or respective owner

Related posts about postfix

Related posts about smtp