This was also a topic last month, maybe someone has gotten new ideas ..

The problem is this : Anybody in the world can connect to our mail
gateway and send a mail that appears to come from mydomain.org

We are already getting quite a few spams like this and since some of them
appear to come from high level managers advertising embarresing
products they are fuming to have this hole closed..

It complicates the matter that smtpd_sender_restrictions almost never
works since it's only in the header that the mail says BigBossmydomain

The ideal solution would be to add something like :

header_checks =
        permit_mynetworks
        regexp:/etc/postfix/BlockInternal

But apparently that is not allowed ::
Aug 6 11:07:45 BioDef postfix/cleanup[12328]: fatal: open dictionary: need "type:name" form: permit_mynetworks

Out current idea is to add an additional mail server for outgoing mail
and use the current one only for incoming .. That way we can block
it with mtpd_sender_restrictions and header_checks

Any better ideas ?

-- 
 Ríkharður Egilsson - Networking/Security EXD/ITN/CCO
 OECD/OCDE - Organisation for Economic Co-operation and Development
-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]