Pawel Witkowski

Set Postfix to block fake emails

I just want to set postfix to block fake emails that can just type:

MAIL FROM: someonefake@google.com
RCPT TO: user@inmydomain.com

Of course the IP of the sender is not even related to Google's IPs or their MX.

I blocked almost all unwanted functionality in Postfix, but I can't find proper information in the documentation. I tried various settings, but all of them fail to prevent sending mail to my server that way. I assume that this is a simple task, and you - experts - will get this done in 2 minutes... So can you help me?
SOLUTION
ifreq
This solution is only available to members.
I second ifreq in adding the configuration to use spamhaus.

You could also set up your Postfix to check SPF records before accepting incoming emails. While not 100% perfect, most big free email providers use SPF to announce the servers which are expected to send email from their domain, and this cuts back on email spoofing. Instructions at:
http://www.howtoforge.com/postfix_spf

Hope this helps,
Christophe
I second urgoll for SPF :-) Though SPF is not so famous at the moment and it hasn't been well developed in years. But that's one more thing you could add to your Postfix installation too to make it more effective.
Have you set Postfix to reject rDNS failures and unknown hosts? That should take care of the scenario you outlined, I think.
/RID
rid: the original question discusses someone spoofing gmail.com addresses - hostnames are good and the mail sender's domain is valid, it's just that the address used doesn't exist.

It is true that rejecting reverse DNS failures and invalid domains is a good idea and cuts down the overall volume of spam. For the record, this is done by adding:

    reject_unknown_sender_domain,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,

to the smtpd_*_restrictions statements in the main.cf file.

Regards,
Christophe
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Pawel Witkowski

ASKER

Actually I think that I set Postfix very restrictively:

smtpd_sender_restrictions = permit_sasl_authenticated, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unknown_address

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policy-spf, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_unverified_recipient, reject_unknown_client

But I tried to find anything about my problem and ... can't find anything. As I said, I can log in to my server from my ISP IP by telnetting to port 25 and then send mail, not even from a fake address but by spoofing someone (the problem is, for example, security@paypal.com). I would like to restrict it so that if someone wants to send mail to a recipient on my server (because I have relaying turned off and SASL auth set, so the only problem is sending to my recipients), then his IP must have a revDNS in the domain the mail was sent from (so the revDNS of the IP should be paypal.com). Is that even possible?? Furthermore, is it possible to set EHLO to the user's IP revDNS rather than what he typed??

Actually only I received the spoofed PayPal mail, but my users are more like "normal" people and could be confused by that type of spam :( I appreciate any help from your side here guys :)
SOLUTION
This solution is only available to members.
My problem is still not solved, but at least I know that this is impossible to do the way I thought it could be ;) Points here for you ppl for at least shedding some light there.