Greetings,

I have a postfix smarthost that filters mail. Works great. Debian Lenny i386 running Postfix 2.5.5-1.1.

I have observed that most of the SPAM mail that slips past my header_checks share a common demeanor:

Return-Path: <spoofed-email-address@domain.com>
From: <my-email-address@mydomain.com>

In 99% of the SPAM that slips through, the two header attributes above do not match.

However, in a legitimate email's case ...

Return-Path: <myfriend@gmail.com>
From: <myfriend@gmail.com>

... these two values would match.

I want to make Postfix check to see if the Return-Path matches From (Obviously, I am speaking strictly of the data between the angle brackets (< and >). How can I make it so ?

Thank you.

subcon42

Found this at http://www.postfix.org/BACKSCATTER_R...#forged_sender

/etc/postfix/header_checks:
/^(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2

... which I am testing this evening. I simply replaced the generic 'user@domain.tld' with my real email addresses.

Will post my findings when I have something to post.

subcon42

No ... did not work as expected.

AH, there we go. Got it working:

/^(From|Return-Path):.*(\<me@domain1\.com\>|\<me2@domain2\.com\>)/ REJECT forged sender address in $1: header: $2.

Its all in the escape characters (e.g: instead of \b \b, I used (\<$email.addr\>)).

subcon42

You can also do it like this (slightly more work, but less cryptic)

1. Create '/etc/postfix/spoofmap' (or similar) containing:
2. Postmap it:
3. Edit your main.cf and put it somewhere suitable - suggest in smtpd_recipient_restrictions as shown
4. reload Postfix

Greetings subcon42,

What you want to do is possible with a postfix content_filter.

I have made one and posted here.

Have Fun!

Thanks to both spampig and Eduardo_Nunes - both suggestions were very enlightening and will help me greatly.

Thank you

subcon42