postfix gateway reject incoming spoofed emails from my domain

0

I have a Postfix gateway. It only allows emails from the outside to a list of internal users in mydomain.com and it allows emails from my internal mail server to go out to the internet. There is no authentication happening on the gateway.

I would like a simple way to reject any incoming emails with a from address in mydomain.com while still allowing outgoing emails from my internal mail server (preferably only ones with a from address of mydomain.com).

I already have SPF enabled but I can't make it too strict for various reasons unrelated to this issue.

k-h

Posted 2016-04-28T00:53:13.537

Reputation: 67

Answers

1

In the Python policyd-spf, you can enable strict SPF for specific domains only:

Reject_Not_Pass_Domains = mydomain.com

This will require SPF checks to 'pass' for the listed domains, while still having a relaxed policy for everyone else.

Alternatively, you could maybe block the domain entirely using check_sender_access in smtpd_sender_restrictions; do it in master.cf, making sure to only apply it to port 25 (server-to-server) and not port 587 (client-server, for outgoing mail).

user1686

Posted 2016-04-28T00:53:13.537

Reputation: 283 655

Thanks, I think the SPF answer does what I want. Btw, how do I only apply something to port 25 in master.cf? – k-h – 2016-04-30T02:04:51.247

A stock master.cf already has examples for policy specific to port 587 (submission). – user1686 – 2016-04-30T12:54:20.887
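
The port-25-only check_sender_access setup discussed in the answer and comments could look like the following. This is an added example, not part of the original posts. The map file name own_domain_senders and the parameter name mx_sender_restrictions are hypothetical, and it assumes the internal mail server's address is listed in mynetworks.

```conf
# ---- /etc/postfix/own_domain_senders  (hypothetical file name) ----
# Access map keyed on the envelope sender (MAIL FROM) domain.
# Rebuild the lookup table after every edit:
#     postmap /etc/postfix/own_domain_senders
mydomain.com    REJECT Mail claiming to be from mydomain.com is not accepted here

# ---- /etc/postfix/main.cf ----
# User-defined parameter (hypothetical name), referenced from master.cf.
# Defining the list here avoids whitespace inside a master.cf "-o" value.
# permit_mynetworks comes first so that the internal mail server, which
# relays outbound mail through this gateway without authentication, is
# accepted before the own-domain check runs (assumption: its address is
# in mynetworks).
mx_sender_restrictions =
    permit_mynetworks,
    check_sender_access hash:/etc/postfix/own_domain_senders

# ---- /etc/postfix/master.cf ----
# Keep the existing port 25 service line as it is and add only the
# indented "-o" override beneath it. The submission (587) service has
# its own "-o" lines and is not affected by this override.
smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_sender_restrictions=$mx_sender_restrictions

# Apply the change:
#     postfix check && postfix reload
#
# Caveat: check_sender_access looks at the envelope sender only. A
# message with an outside envelope sender and a "From:" header in
# mydomain.com still passes this check.
```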