Re: SPF checks for incoming mail and postfix-policyd-spf-perl

From: Victor Duchovni (no email)
Date: Tue Apr 15 2008 - 16:33:46 EDT

  • Next message: Robert Schetterer: "Re: your mail"

    On Tue, Apr 15, 2008 at 04:26:55PM -0400, Ray Edwards ZREDWARD wrote:

    > We are looking into checking incoming mail to our domain against SPF
    > records. This is due to forging of the senders address. We are doing valid
    > recipient checking. One of our IT security people has recently received
    > some SPAM that had the senders address spoofed to an address that had our
    > domain name in it , and he is wanting us to investigate SPF record checks
    > into Postfix.

    You don't need to publish SPF to reject (if that is appropriate)
    external email with an envelope sender in your domain. Just use
    suitable access(5) rules for your domains.

    > Or is there a better way to reject mail with forged sender
    > addresses to an address with our domain name in it.

    If that's your goal, do just that.

    main.cf:
      smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        check_sender_access hash:/etc/postfix/sender-access

    sender-access:
      # See http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains
      example.com REJECT external email with an internal sender address
      .example.com REJECT external email with an internal sender address

    -- 
    	Viktor.
    Disclaimer: off-list followups get on-list replies or get ignored.
    Please do not ignore the "Reply-To" header.
    To unsubscribe from the postfix-users list, visit
    http://www.postfix.org/lists.html or click the link below:
    <mailto:?body=unsubscribe%20postfix-users>
    If my response solves your problem, the best way to thank me is to not
    send an "it worked, thanks" follow-up. If you must respond, please put
    "It worked, thanks" in the "Subject" so I can delete these quickly.
    

  • Next message: Robert Schetterer: "Re: your mail"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD