
Best way to reject email spoofed from my domain


GT4NE1

Sep 28, 2007, 2:30:32 PM
I've been getting a lot of spam with spammers who have spoofed my
domain in the from field. Emails with my domain as the from address
should never be received by these servers. What's the best way to
reject these?

Content filter, or is there something else I can do? I'm not ready to
implement SPF just yet.

Thanks,

-GT

Ralf Hildebrandt

Sep 28, 2007, 2:34:39 PM
* GT4NE1 <gt4...@gmail.com>:

> I've been getting a lot of spam with spammers who have spoofed my
> domain in the from field. Emails with my domain as the from address
> should never be received by these servers.

By which servers?

> What's the best way to reject these?

these what? The mails sent initially OR the bounces coming back to you?

--
Ralf Hildebrandt (Ralf.Hil...@charite.de) pl...@charite.de
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
Profanity is the one language all programmers know best.

GT4NE1

Sep 28, 2007, 2:40:24 PM
Actually I think I figured it out. So my domain is bigdude.com and I
want to stop spammers from spoofing the from address *@bigdude.com,
because these servers should never receive mail FROM bigdude.com, only
TO bigdude.com.

If I use:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access

and then in /etc/postfix/access use

bigdude.com REJECT

That should work right?

Thanks,

-GT

Duane Hill

Sep 28, 2007, 2:55:50 PM
On Fri, 28 Sep 2007 at 11:40 -0700, gt4...@gmail.com confabulated:

> Actually I think I figured it out. so my domain is bigdude.com and I
> want to stop spammers from spoofing the from address *@bigdude.com,
> because these servers should never receive mail FROM bigdude.com, only
> TO bigdude.com
>
> If I use:
>
> smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
>
> and then in /etc/postfix/access use
>
> bigdude.com REJECT
>
> That should work right?

check_sender_access does a check against the MAIL FROM (envelope sender)
before the SMTP DATA command has been received. It does not check the
email header FROM field which is received after the SMTP DATA command.

------
_|_
(_| |
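
Added example, not part of the thread: a simplified Python model of the point made in the reply above, that check_sender_access decides on the envelope MAIL FROM before DATA and never sees the From: header. The sessions, the example.net addresses and the function names are constructed for illustration; only the full-address and domain lookup keys are modelled.

```python
import email
from email.utils import parseaddr

# Constructed stand-in for the /etc/postfix/access map proposed in the thread.
ACCESS_MAP = {"bigdude.com": "REJECT"}

def check_sender_access(mail_from, access_map=ACCESS_MAP):
    """Simplified lookup: full address first, then the domain part.
    Subdomain and user@ patterns are not modelled (assumption)."""
    addr = mail_from.strip("<>").lower()
    if not addr:                      # null sender <> as used by bounces
        return "DUNNO"                # no decision
    domain = addr.rpartition("@")[2]
    return access_map.get(addr) or access_map.get(domain) or "DUNNO"

def smtp_decision(session):
    """Scan the client's SMTP commands; the verdict depends on MAIL FROM
    alone and is reached before the DATA payload is looked at."""
    for line in session["commands"]:
        verb, _, arg = line.partition(":")
        if verb.upper() == "MAIL FROM":
            return check_sender_access(arg.strip())
    return "DUNNO"

def header_from(session):
    """Address in the From: header, which only arrives inside DATA."""
    msg = email.message_from_string(session["data"])
    return parseaddr(msg.get("From", ""))[1].lower()

# Constructed sessions: same From: header, different envelope senders.
DATA = "From: CEO <ceo@bigdude.com>\r\nSubject: hi\r\n\r\nbody\r\n"
ENVELOPE_SPOOF = {
    "commands": ["EHLO mail.example.net", "MAIL FROM:<ceo@bigdude.com>",
                 "RCPT TO:<gt@bigdude.com>"],
    "data": DATA,
}
HEADER_ONLY_SPOOF = {
    "commands": ["EHLO mail.example.net", "MAIL FROM:<bounce@example.net>",
                 "RCPT TO:<gt@bigdude.com>"],
    "data": DATA,
}

if __name__ == "__main__":
    for name, s in [("envelope spoof", ENVELOPE_SPOOF),
                    ("header-only spoof", HEADER_ONLY_SPOOF)]:
        print(f"{name}: access={smtp_decision(s)} header_from={header_from(s)}")
```

The second session is not rejected by the access map even though its From: header carries the protected domain, so header-level forgery needs a separate control such as a content filter.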

Geert Hendrickx

Sep 29, 2007, 3:56:07 AM
On Fri, Sep 28, 2007 at 11:40:24AM -0700, GT4NE1 wrote:
> Actually I think I figured it out. so my domain is bigdude.com and I
> want to stop spammers from spoofing the from address *@bigdude.com,
> because these servers should never receive mail FROM bigdude.com, only
> TO bigdude.com
>
> If I use:
>
> smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
>
> and then in /etc/postfix/access use
>
> bigdude.com REJECT
>
> That should work right?


That may also block some legitimate mail (e.g. from forwarders).

If they mostly use addresses @bigdude.com that don't exist,
smtpd_sender_restrictions = reject_unlisted_sender may already help a lot,
and it's much safer to use.

Geert


GT4NE1

Oct 2, 2007, 11:27:13 AM
I already added sender restrictions to fix that issue. Hmmmm, not
sure how I am going to do this.

Vino Farr Tuff

Oct 2, 2007, 12:13:30 PM
How about doing it like this...

smtpd_recipient_restrictions =
    check_sender_access hash:/etc/postfix/sender_access

then in the sender_access file use

bigdude.com 554 mydomain in your envelope sender not allowed

/Jett


On 10 2, 07, at 11:27 PM, GT4NE1 wrote:

> I already added sender restrictions to fix that issue. Hmmmm, not
> sure how I am going to do this.
>
>
> On 9/29/07, Geert Hendrickx <gh...@telenet.be> wrote:
>> On Fri, Sep 28, 2007 at 11:40:24AM -0700, GT4NE1 wrote:
>>> Actually I think I figured it out. so my domain is bigdude.com
>>> and I
>>> want to stop spammers from spoofing the from address *@bigdude.com,
>>> because these servers should never receive mail FROM bigdude.com,
>>> only



mouss

Oct 2, 2007, 6:06:12 PM
GT4NE1 wrote:
> I already added sender restrictions to fix that issue. Hmmmm, not
> sure how I am going to do this.
>

If you are after sender forgery, then set up SASL auth and use
reject_sender_login_mismatch. This is the best you can do.

If you don't want your domain in sender addresses from outside, then
check_sender_access is enough.

If only a few systems send email with addresses in your domain, you can
use SPF.

In all cases, you'll reject "forwarded" mail (mail forwarded with the
sender address not rewritten). This is not an issue for most people.
