How to prevent remote hosts from delivering mail to Postfix with spoofed From header?
- by Hongli Lai
I have a host, let's call it foo.com, on which I'm running Postfix on Debian. Postfix is currently configured to do these things:
All mail with @foo.com as recipient is handled by this Postfix server. It forwards all such mail to my Gmail account. The firewall thus allows port 25.
All mail with another domain as recipient is rejected.
SPF records have been set up for the foo.com domain, saying that foo.com is the sole origin of all mail from @foo.com.
Applications running on foo.com can connect to localhost:25 to deliver mail, with something@foo.com as sender.
However I recently noticed that some spammers are able to send spam to me while passing the SPF checks. Upon further inspection, it looks like they connect to my Postfix server and then say
HELO bar.com
MAIL FROM:<[email protected]> <---- this!
RCPT TO:<[email protected]>
DATA
From: "Buy Viagra" <[email protected]> <--- and this!
...
How do I prevent this? I only want applications running on localhost to be able to say MAIL FROM:<[email protected]>. Here's my current config (main.cf): https://gist.github.com/1283647