How to prevent remote hosts from delivering mail to Postfix with spoofed From header

postfix smtp

I have a host, let's call it foo.com, on which I'm running Postfix on Debian. Postfix is currently configured to do these things:

  1. All mail with @foo.com as recipient is handled by this Postfix server. It forwards all such mail to my Gmail account. The firewall thus allows port 25.
  2. All mail with another domain as recipient is rejected.
  3. SPF records have been set up for the foo.com domain, saying that foo.com is the sole origin of all mail from @foo.com.
  4. Applications running on foo.com can connect to localhost:25 to deliver mail, with something@foo.com as sender.

However, I recently noticed that some spammers are able to send spam to me while passing the SPF checks. Upon further inspection, it looks like they connect to my Postfix server and then say:

HELO bar.com
MAIL FROM:<info@foo.com>     <---- this!
RCPT TO:<info@foo.com>
DATA
From: "Buy Viagra" <info@foo.com>   <--- and this!
...

How do I prevent this? I only want applications running on localhost to be able to say MAIL FROM:<something@foo.com>. Here's my current config (main.cf): https://gist.github.com/1283647

Best Answer

You need the smtpd_sender_restrictions to be:

smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/notfromme

and in /etc/postfix/notfromme you put

foo.com REJECT

Then run postmap /etc/postfix/notfromme and reload Postfix.

Done.
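
How the restriction list in the answer evaluates for the sessions described in the question, as an added example that is not part of the original post or of Postfix itself. It is a simplified model of the access(5) lookup order; the `mynetworks` value and the client addresses are constructed assumptions, since the linked main.cf is not shown on the page.

```python
import ipaddress

# Assumption: loopback-only mynetworks (the page's main.cf is not shown).
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]

# Contents of /etc/postfix/notfromme exactly as given in the answer.
NOTFROMME = {"foo.com": "REJECT"}


def permit_mynetworks(client_ip):
    """True when the connecting client address falls inside mynetworks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in MYNETWORKS)


def check_sender_access(mail_from, table):
    """Simplified access(5) lookup for an envelope sender address.

    Keys tried in order: user@domain, domain, parent domains, user@.
    Parent-domain matching assumes smtpd_access_maps is listed in
    parent_domain_matches_subdomains (the Postfix default).
    """
    local, _, domain = mail_from.lower().rpartition("@")
    labels = domain.split(".")
    keys = [f"{local}@{domain}"]
    keys += [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(f"{local}@")
    for key in keys:
        if key in table:
            return table[key]
    return "DUNNO"  # no match: evaluation continues with later restrictions


def sender_restrictions(client_ip, mail_from):
    """permit_mynetworks, check_sender_access hash:/etc/postfix/notfromme"""
    if permit_mynetworks(client_ip):
        return "PERMIT"  # first matching restriction wins
    # Only the envelope MAIL FROM is looked up here; the From: header
    # inside DATA is never consulted by smtpd_sender_restrictions.
    return check_sender_access(mail_from, NOTFROMME)


if __name__ == "__main__":
    # Constructed sessions: (client address, MAIL FROM address)
    for client, sender in [("127.0.0.1", "app@foo.com"),
                           ("203.0.113.7", "info@foo.com"),
                           ("203.0.113.7", "news@mail.foo.com"),
                           ("203.0.113.7", "someone@bar.com")]:
        print(f"{client:<13} {sender:<20} {sender_restrictions(client, sender)}")
```

On a live system, `postmap -q foo.com hash:/etc/postfix/notfromme` should print `REJECT` once the table has been built.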