|
Rejecting mail where sender matches recipient in postfix
Hi all,
This seems like a relatively simple question, but I haven't been able to figure it out from the documentation after a couple of hours of searching. I'm running postfix on my mail server, and the vast majority of my spam has the sender address spoofed to match the recipient address. I've got spamassassin up and running, and very little gets through that, so it's not a serious problem, but if possible I would like to be able to reject the mail before it arrives to reduce the system load. Mail is sent locally via webmail, relaying is denied, so the only way that mail should be sent from the domain is via a connection from localhost. The basic idea I'm thinking of is if the MAIL FROM sender claims to be an address at the receiving domain, but is connected from a remote IP, the mail should be rejected. Is there any way of doing this? Thank you! |
Hello there, Gethyn. Do you use RBLs like zen.spamhaus? Do you make all your users validate through SASL? Is your mail server used ONLY by the webmail app?
|
Hi, Gethyn.
As walruz mentions, spamhaus does eliminate a lot of spam. But, see below for the solution you wanted. Quote:
Code:
# main.cfCode:
# sender_accessAlso take a look at reject_unlisted_sender, which does something a little different. See the postconf(5) man page. |
Hey guys,
Thanks for your responses. I use RBLs in spamassassin, but I am very cagey about using them to reject messages outright at the postfix level because of the danger of losing mail. The people I'm working for at the moment have lost a number of messages from clients whose ISP mailservers have inadvertently ended up on a RBL somewhere (I didn't set up their mail system, I hasten to add!). However, the check_sender_access change suggested by Berhanie appears to be exactly what I want, I just tested it and it's looking good. Thank you for showing me how to sort this problem out! |
| All times are GMT -5. The time now is 07:39 AM. |