Is there a reliable way to reject incoming mails with a spoofed e-mail address?
What kind of checks does postfix run normally on incoming mails?
- does postfix check the reverse dns by default?
- does postfix have any other checks built-in and activated by default?
- what kind of filters / milters are useful to prevent accepting spoofed mails?
Thank you for your help.
Best Answer
Basically, email was run over the Simple Mail Transfer Protocol. It's very simple, so there is no spoofing prevention mechanism in its earlier specs. Take a look at these two excellent answers about email spoofing on security.SE
Over the years, some techniques have been implemented to identify spoofed email addresses, for example:
See also our canonical question about this topic: Fighting Spam - What can I do as an: Email Administrator, Domain Owner, or User?
To find out what default config shipped with postfix, please run
postconf -d
and then take a look at smtpd_*_restrictions. By default, postfix just runs two checks,
Yes, but postfix only gives a warning when the reverse DNS check fails. Here is the sample warning from maillog.
If you consider rejecting clients based on their rDNS, see the discussion over here: Is it good practice or too draconian to reject mails from mailservers with no RDNS
Check this page, and look for the smtpd_*_restrictions entries (e.g. smtpd_client_restrictions, smtpd_helo_restrictions and so on). There are many checks on postfix, for example, but as I said above, by default only two checks are enabled.
There are some milters/third-party apps that help postfix battle spoofed email by applying the four techniques I mentioned above. For example, tumgreyspf, opendkim, opendmarc and many others.
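One way to act on the advice above to inspect the restriction lists, as an added example that is not part of the original answer: a Python script that reads `postconf` output and reports which reverse-DNS, HELO and sender checks are switched on and which milters are configured. The restriction and parameter names are Postfix's own (spelled `smtpd_*_restrictions`); the sample text, the socket addresses and the selection of checks are assumptions of this example.

```python
import re
import sys

# Real Postfix restriction names that bear on forged senders or unverifiable clients.
ANTI_SPOOF = {
    "reject_unknown_client_hostname": "client PTR lookup or forward confirmation fails",
    "reject_unknown_reverse_client_hostname": "client IP has no PTR record",
    "reject_invalid_helo_hostname": "malformed HELO name",
    "reject_non_fqdn_helo_hostname": "HELO name is not fully qualified",
    "reject_non_fqdn_sender": "MAIL FROM address is not fully qualified",
    "reject_unknown_sender_domain": "MAIL FROM domain has no MX or address record",
    "check_policy_service": "external policy daemon, e.g. an SPF checker",
}

# Constructed sample in `postconf` output format; socket addresses are made up.
SAMPLE = """\
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname
smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policy-spf
smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893
"""

def parse_postconf(text):
    """Map each 'name = value' line to its comma/space separated tokens."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = [t for t in re.split(r"[,\s]+", value.strip()) if t]
    return params

def audit(text):
    """Return (enabled, missing, milters) across all smtpd_*_restrictions lists."""
    params = parse_postconf(text)
    enabled = {}
    for name, tokens in params.items():
        if re.fullmatch(r"smtpd_\w+_restrictions", name):
            for tok in (t for t in tokens if t in ANTI_SPOOF):
                enabled.setdefault(tok, []).append(name)
    missing = sorted(set(ANTI_SPOOF) - set(enabled))
    return enabled, missing, params.get("smtpd_milters", [])

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    enabled, _, milters = audit(text)
    for check, why in ANTI_SPOOF.items():
        print("on " if check in enabled else "off", check, "-", why)
    print("milters:", ", ".join(milters) or "none")
```

Pipe `postconf` into the script to audit the running configuration; run it with no input to see the report for the constructed sample. Access tables and restriction classes referenced from these lists are not expanded.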