We use Postfix as a null client to send out mail from a PHP webserver via sendmail. We host our incoming mail servers elsewhere and use an SPF record to authorise the server to send emails from our domain. This all works.
Now I would like to harden postfix, specifically against exploited PHP scripts which are sending mail spam. But the problem is that I want to allow emails to be sent to any valid address since I have customer web forms who need to be able to receive confirmation emails. I realise this is damage limitation and there is only so much that is possible.
What things do people suggest for detecting/preventing this? Or should I focus my efforts elsewhere?
Things I have thought of but not tried yet are:
1. To stop any emails being sent as FROM: domains I am not authorized to send from. I found how to configure this using
   smtpd_recipient_restrictions = check_sender_access
   Will this work with localhost sendmail? Is it even worth it if the attacker knows mails only get sent with the correct FROM address?
2. To detect that a flood of emails is being sent by localhost and to shut it down and alert me via email. No idea how to do this or whether it's even possible.
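
An added example, not part of the original post: the flood detection asked about above, written as a sliding-window count of local sendmail submissions per Unix uid. It assumes classic syslog-format Postfix logs, in which each local submission is recorded by postfix/pickup together with the submitting uid; the threshold, window, host name and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix logs one line per local sendmail(1) submission via the pickup service.
PICKUP = re.compile(
    r"^(\w{3})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d)\s+\S+\s+postfix/pickup\[\d+\]:"
    r"\s+(\w+):\s+uid=(\d+)\s+from=<([^>]*)>"
)

def find_floods(lines, limit=5, window=timedelta(seconds=60), year=2024):
    """Return {uid: first time that uid exceeded `limit` submissions in `window`}."""
    recent = defaultdict(deque)   # uid -> submission times inside the current window
    alerts = {}
    for line in lines:
        m = PICKUP.match(line)
        if not m:
            continue              # qmgr/smtp/cleanup lines are not new submissions
        mon, day, clock, _qid, uid, _sender = m.groups()
        # Classic syslog timestamps carry no year; the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        q = recent[uid]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop submissions that fell out of the window
        if len(q) > limit and uid not in alerts:
            alerts[uid] = ts
    return alerts

def sample_log():
    """Constructed sample: uid 33 (web server user) bursts, uid 1000 sends one mail."""
    lines = ["Mar  3 10:14:00 web1 postfix/pickup[2211]: A0000000: uid=1000 from=<admin>"]
    for i in range(8):            # eight submissions in 16 seconds from the PHP user
        lines.append(f"Mar  3 10:15:{i * 2:02d} web1 postfix/pickup[2211]: "
                     f"B{i:07d}: uid=33 from=<www-data>")
        lines.append(f"Mar  3 10:15:{i * 2:02d} web1 postfix/qmgr[900]: B{i:07d}: "
                     f"from=<www-data@example.com>, size=512, nrcpt=1 (queue active)")
    return lines

if __name__ == "__main__":
    for uid, when in find_floods(sample_log()).items():
        print(f"ALERT uid={uid} exceeded the limit at {when:%H:%M:%S}")
```

Keying on the uid rather than the sender address matters here because a script running as the web server user can set any envelope sender, while the uid in the pickup line is recorded by Postfix itself.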