2

Is there any way to configure reverse MX check for Postfix to check incoming emails?

I just noticed that most of our spam which is still coming through is sent (or seems to be sent) from properly configured SMTP servers (like Yahoo's or whichever), passing reverse DNS, SPF and other checks, but actually there are often no MX records at all in the domain names of the sender addresses. Then, when those spam mails go to removed mailboxes too, as they often do, our Postfix tries to send notices about that to the senders' email addresses, but those notices can't be sent as the MX record is actually missing from the domain names of the senders' email addresses.

Smart! That could be the way I would send my one-time mass spams, as I would probably not care about those notices to the sender addresses and would just get load on my domain (if even in use), and I could also leave my MX record unrecorded.

However, I assume that whoever sends important emails to me would use a sender email address which can actually receive my reply too, and would therefore have an MX record in the domain name of his sender address too. So, I could just reject those incoming emails which are sent from sender addresses which do not have MX records. Right? But how could I do that? Any advice for this?

Tero
  • Are you referring to the `From:` header or the actual `MAIL FROM` _envelope sender_? Postfix does checks against the envelope sender, and it's not likely that email providers would allow using external non-registered domains for this, but the `From` header can easily be spoofed. – Esa Jokinen Apr 09 '18 at 05:36
  • Both. Those seem to be equal in many of the spam messages; even reverse DNS is OK, but in the domain names there are no MX records. And those are spam. – Tero Apr 09 '18 at 17:36
  • Actually the `From:` header. But in the domain names of the `From:` there are no MX records. And those are spam. Just now spam was coming from these: zoo.ifaroo.com[51.255.134.232], uproar.ayfuror.com[8.39.235.35], online.uionlne.com[137.74.96.66]. There are no MX records, at least just now. And the SPF records match those sending servers. `From:` is like "jack@zoo.ifaroo.com". Tomorrow those domain names may not match those IP addresses anymore, but what is common is that there are no MX records in these domains at all. At the moment of receiving the spam, the SPF records match. I'd like to reject if there is no MX. – Tero Apr 09 '18 at 19:24

1 Answer

3

Postfix can't do this. I use rspamd for that; there are rules:

MX MX_INVALID Domain has no working MX

MX MX_MISSING Domain has no resolvable MX

Just set a high score and enjoy blocking spam.

P.S. The RFC does not require a domain to have a valid MX record.

Bloody
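The answer's P.S. matters for any "reject if no MX" policy: under RFC 5321 a domain with no MX record is still reachable through its address record, while RFC 7505 defines a null MX (`0 .`) for domains that accept no mail. The sketch below is an added example, not code from the answer, rspamd or Postfix; the function names, verdict labels and the DNS data are constructed for illustration, and the resolver is passed in so it runs offline.

```python
# Added example: constructed DNS data and hypothetical names; not rspamd or Postfix code.
from typing import Callable, Dict, List, Tuple

Lookup = Callable[[str, str], List[str]]

# Constructed zone data (reserved .example names, RFC 5737 addresses).
SAMPLE_DNS: Dict[Tuple[str, str], List[str]] = {
    ("mail.example", "MX"): ["10 mx1.mail.example."],
    ("mx1.mail.example", "A"): ["192.0.2.10"],
    ("web.example", "A"): ["192.0.2.20"],      # no MX, address record only
    ("nomail.example", "MX"): ["0 ."],         # null MX (RFC 7505)
    ("nomail.example", "A"): ["192.0.2.30"],
}

def sample_lookup(name: str, rtype: str) -> List[str]:
    """Offline stand-in for a DNS resolver; returns [] when nothing exists."""
    return SAMPLE_DNS.get((name.lower().rstrip("."), rtype), [])

def sender_domain(mail_from: str) -> str:
    """Domain of an envelope sender; '' for the null sender <> used by bounces."""
    addr = mail_from.strip().strip("<>")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def classify(mail_from: str, lookup: Lookup) -> str:
    domain = sender_domain(mail_from)
    if not domain:
        return "null_sender"                   # bounce/DSN: nothing to look up
    mx = [r.split() for r in lookup(domain, "MX")]
    if any(len(r) == 2 and r[1] == "." for r in mx):
        return "null_mx"                       # domain declares it takes no mail
    hosts = [r[1].rstrip(".") for r in mx if len(r) == 2]
    if hosts:
        ok = any(lookup(h, "A") or lookup(h, "AAAA") for h in hosts)
        return "mx_ok" if ok else "mx_unresolvable"
    if lookup(domain, "A") or lookup(domain, "AAAA"):
        return "implicit_mx"                   # RFC 5321 fallback to address record
    return "no_mail_route"

def decide(mail_from: str, lookup: Lookup, strict: bool = False) -> str:
    """strict=True is the 'reject if no MX' policy from the question."""
    verdict = classify(mail_from, lookup)
    if verdict in ("null_sender", "mx_ok"):
        return "accept"
    if verdict == "implicit_mx" and not strict:
        return "accept"
    return "reject"
```

With `strict=True`, a sender at a domain that relies on the address-record fallback is rejected even though replies to it are deliverable, which is why scoring the condition instead of rejecting outright is the safer setting.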