1

My postfix setup (running in the cloud) successfully prevents relaying, requiring authentication to send to a non-local domain.

However, spammers are sending to user@mydomain.com from someotheruser@mydomain.com and since the destination is on @mydomain.com the message is accepted. (They are sending fake emails to my users from administrator@mydomain.com).

Is there a way to force authentication if both source and destination are on mydomain?

Please note this is NOT a generic question about spam, it is Postfix specific in regards to requiring authentication, forcing Postfix to require authentication in the case that the FROM and TO fields are on the same domain, the local domain.

TSG
  • 1,634
  • 6
  • 29
  • 51
  • 2
    Possible duplicate of [Fighting Spam - What can I do as an: Email Administrator, Domain Owner, or User?](https://serverfault.com/questions/419407/fighting-spam-what-can-i-do-as-an-email-administrator-domain-owner-or-user) – Gerald Schneider Mar 13 '19 at 13:14
  • Setting up SPF would prevent that. – Gerald Schneider Mar 13 '19 at 13:15
  • How would SPF prevent that? SPF is useful for MTA to MTA validation since all mail from a foreign domain must come through the SPF designated MTA. But for users connecting to their own MTA this doesn't help – TSG Mar 13 '19 at 13:46
  • It prevents sending emails with your domain from any server but your own. If you set up an SPF record and configure your MTA to reject SPF failures you have that case covered. – Gerald Schneider Mar 13 '19 at 13:59
  • But my valid users can send mail via SMTP from any IP. So I cannot create an SPF record for valid senders of my own domain - only foreign domains – TSG Mar 13 '19 at 14:12

0 Answers0