You'll want to add reject_unlisted_sender to your smtpd_sender_restrictions.
Without a little planning this will also reject mail from root@hostname.example.com as well, so keep that in mind.
smtpd_reject_unlisted_sender
Request that the Postfix SMTP server rejects mail from unknown sender addresses. This can slow down an explosion of forged mail from worms or viruses.
An address is always considered "known" when it matches a virtual(5) alias or a canonical(5) mapping.
- The sender domain matches $mydestination, $inet_interfaces or $proxy_interfaces, but the sender is not listed in $local_recipient_maps, and $local_recipient_maps is not null.
- The sender domain matches $virtual_alias_domains but the sender is not listed in $virtual_alias_maps.
- The sender domain matches $virtual_mailbox_domains but the sender is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps is not null.
- The sender domain matches $relay_domains but the sender is not listed in $relay_recipient_maps, and $relay_recipient_maps is not null.
This feature is available in Postfix 2.1 and later.
As we can see, this message uses your address as the envelope sender:
postfix/qmgr[19733]: 750991E018: from=<me@example.com>, size=3207, nrcpt=1 (queue active)
This means you have methods for rejecting such messages right after MAIL FROM (or RCPT TO, as I do). Regarding the headers like From: and Date:, they can be spoofed and contain anything. Additional spam filters like Spamassassin can perform tests against these, but that's another story.
Your email client is showing the time and date provided by the Date: header rather than the time the server has actually received the mail. You can look at the Received headers to see the dates added by the servers the message has gone through, but the email client trusts the Date: header.
METHOD 1: Blacklisting the domain from external sources
The methods aren't in order: the first one is easy to add, but the second one is better in every way.
If this server is the only legitimate source for email from your domain example.com, you could simply block all messages from the domain, unless from own networks or an authenticated user, using check_sender_access. I personally put everything in smtpd_recipient_restrictions to get more details in the logs before rejecting the connection. For main.cf:
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    . . .
    check_sender_access hash:/etc/postfix/access/sender_access,
    . . .
The /etc/postfix/access/sender_access is a lookup table (remember to postmap) of white- and blacklisted MAIL FROM addresses, domains etc. For blacklisting mail from this domain, e.g.
example.com 550 YOU ARE NOT ME.
METHOD 2: Implementing SPF for your domain and testing sender SPF in Postfix
If you have other sources for mail, you can't use the previous method. Also, SPF is something you should really implement to prevent your domain from being used for sending spam. First you add a TXT record for your domain listing all the authorized senders. See SPF Introduction and Record Syntax.
After that, configure your Postfix to check for SPF (see How To Implement SPF In Postfix). E.g.
- Install Perl with Mail::SPF and NetAddr::IP modules.
- Install postfix-policyd-spf-perl
main.cf:
smtpd_recipient_restrictions =
    . . .
    reject_unauth_destination,
    check_policy_service unix:private/policy-spf,
    . . .
master.cf:
policy-spf unix - n n - - spawn
    user=nobody argv=/usr/bin/policyd-spf
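Before enabling the Method 1 sender block, it helps to see which already-accepted messages it would have rejected, so that any legitimate outside source for the domain shows up first. The script below is an added example, not code from the answer: it pairs each smtpd client= log line with the qmgr from= line of the same queue ID. The domain, the mynetworks ranges and the sample log lines are constructed assumptions, and only the exact domain is matched.

```python
import ipaddress
import re

# Assumptions for this example: the protected domain and the permit_mynetworks ranges.
LOCAL_DOMAIN = "example.com"
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

CLIENT_RE = re.compile(
    r"postfix/\S*smtpd\[\d+\]: (\w+): client=\S*\[([0-9a-fA-F.:]+)\]"
    r"(?:.*?sasl_username=(\S+))?")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")

def would_be_rejected(log_lines):
    """Return (queue_id, sender, client_ip) for mail that claims a
    LOCAL_DOMAIN envelope sender but came from an unauthenticated client
    outside MYNETWORKS, i.e. what the sender_access entry would reject."""
    clients = {}  # queue id -> (client ip, sasl_username or None)
    hits = []
    for line in log_lines:
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = FROM_RE.search(line)
        if not m or m.group(1) not in clients:
            continue  # not a qmgr line, or locally submitted / already seen
        qid, sender = m.groups()
        ip, sasl_user = clients.pop(qid)
        domain = sender.rpartition("@")[2].lower()
        trusted = any(ipaddress.ip_address(ip) in net for net in MYNETWORKS)
        if domain == LOCAL_DOMAIN and not trusted and not sasl_user:
            hits.append((qid, sender, ip))
    return hits

# Constructed sample log lines (not taken from the question).
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/smtpd[100]: 750991E018: client=unknown[203.0.113.7]
Jan 10 10:00:01 mx postfix/qmgr[19733]: 750991E018: from=<me@example.com>, size=3207, nrcpt=1 (queue active)
Jan 10 10:05:00 mx postfix/submission/smtpd[101]: 8A1B2C3D4E: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=me
Jan 10 10:05:00 mx postfix/qmgr[19733]: 8A1B2C3D4E: from=<me@example.com>, size=900, nrcpt=1 (queue active)
Jan 10 10:06:00 mx postfix/smtpd[102]: 9F00AA11BB: client=app[192.0.2.10]
Jan 10 10:06:00 mx postfix/qmgr[19733]: 9F00AA11BB: from=<root@example.com>, size=512, nrcpt=1 (queue active)
Jan 10 10:07:00 mx postfix/smtpd[103]: A0B1C2D3E4: client=mail.example.net[198.51.100.5]
Jan 10 10:07:00 mx postfix/qmgr[19733]: A0B1C2D3E4: from=<bob@example.net>, size=2048, nrcpt=1 (queue active)
""".splitlines()

if __name__ == "__main__":
    for hit in would_be_rejected(SAMPLE_LOG):
        print(*hit)
```

Any hit whose client address belongs to a service you actually use is a reason to prefer Method 2 over the blanket block.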
Best Answer
Of course the sender can come "from outside"; you need to think carefully about what that actually means.
What if a user submits mail from outside your network? You don't specify if this is possible.
This is easy if you use submission for all user submission of mail, and only use port 25 for inter-MTA traffic; in that case, simply disallow your local domains using a check_sender_access map:
and in /etc/postfix/local_domains:
etc.
Don't forget to postmap the file whenever you change it: