2

I've installed a Zimbra 8.0.7, recently the server have become to deliver emails from accounts that belong to my domain ("example.com") but this mails come from external smtps, for example: 1. the emails accounts (only accounts from "example.com" server) receives emails from "admin@example .com" and this emails are not sent by our server, this emails came from external servers that "says" that are sending emails as our server, and our postfix are trying this emails as real emails and deliver this emails in inbox folder.

I'm wondering if there is any configuration on postfix to it performs same "DNS check" that realizes with external incoming emails but in the emails that receives from "example.com" sent by other ips?

Jenny D
  • 27,358
  • 21
  • 74
  • 110
J S
  • 29
  • 1
  • 2

2 Answers2

1

Those mails are send via the SMTP protocol and because this protocol is used by other servers AND by mail clients such as thunderbird or android. I do not know it is possible in Postfix to disable receiving mails from you own domain via SMTP, as your users won't be able to use there own mail client.

You can add a SPF record to you domain. This is a special DNS entry that states the IP numbers and servers that may be used for sending mail for you domain. There are quite a lot sites for helping you with setting up for example http://www.spfwizard.net/ If you set the policy to -all only your selected mailservers may be used to send mail. This means that you have to be sure the SPF record is setup correctly and is complete.

After you've setup a SPF record you can choose to alter the spam filter to assign a higher score to a failing SPF.

But be aware that this is not only for your own SPF setup, but for all domains that have SPF configured.

Add the following setting to the end of /opt/zimbra/data/spamassassin/localrules/sauser.cf:

score SPF_FAIL 8

Activate this with

zmamavisdctl restart
Micha Kersloot
  • 409
  • 2
  • 9
0

You have to add a SPF record to your domain first. You can use an online spf wizard for this. Then you have to make sure that your server checks SPF. The answer of Micha Kersloot is one way of doing this. The other way is to check spf at MTA level. I have written a basic guide in the following URL. Do not try this method unless you are really familiar with zimbra CLI commands and file structure.

Zimbr SPF

eranga
  • 164
  • 1
  • 11