content filter or is there something else I can do. I'm not ready to
implement SPF just yet.
Thanks,
-GT
By which servers?
> What's the best way to reject these?
these what? The mails sent initially OR the bounces coming back to you?
--
Ralf Hildebrandt (Ralf.Hil...@charite.de) pl...@charite.de
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
Profanity is the one language all programmers know best.
If I use:
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
and then in /etc/postfix/access use
bigdude.com REJECT
That should work right?
Thanks,
-GT
> Actually I think I figured it out. so my domain is bigdude.com and I
> want to stop spammers from spoofing the from address *@bigdude.com,
> because these servers should never receive mail FROM bigdude.com, only
> TO bigdude.com
>
> If I use:
>
> smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
>
> and then in /etc/postfix/access use
>
> bigdude.com REJECT
>
> That should work right?
check_sender_access does a check against the MAIL FROM (envelop sender)
before the SMTP DATA command has been received. It does not check the
email header FROM field which is received after the SMTP DATA command.
------
_|_
(_| |
That may also block some legitimate mail (e.g. from forwarders).
If they mostly use addresses @bigdude.com that don't exist,
smtpd_sender_restrictions = reject_unlisted_sender may already help a lot,
and it's much safer to use.
Geert
smtpd_recipient_restrictions =
check_sender_access hash:/etc/postfix/sender_access
then on sender_access file use
biddude.com 554 mydomain in your envelope sender not allowed
/Jett
On 10 2, 07, at 11:27 PM, GT4NE1 wrote:
> I already added sender restrictions to fix that issue. Hmmmm, not
> sure how I am going to do this.
>
>
> On 9/29/07, Geert Hendrickx <gh...@telenet.be> wrote:
>> On Fri, Sep 28, 2007 at 11:40:24AM -0700, GT4NE1 wrote:
>>> Actually I think I figured it out. so my domain is bigdude.com
>>> and I
>>> want to stop spammers from spoofing the from address *@bigdude.com,
>>> because these servers should never receive mail FROM bigdude.com,
>>> only
!DSPAM:47026e32521962056399350!
if you are after sender forgery, then setup sasl auth and use
reject_sender_login_mismatch. This is the best you can do.
if you don't want your domain in sender addresses from outside, then
check_sender_access is enough.
if only few systems send email with addresses in your domain, you can
use SPF.
In all cases, you'll reject "forwarded" mail (mail forwarded with the
sender address not rewritten). This is not an issue for most people.