Hi folks,
AFAICS opensmtpd can reject EMails with a spoofed from address
in the envelope, as shown in smtpd.conf(5). But how can I reject
EMails with a spoofed "From: " address in the EMail header,
matching my own domain?
See below for smtpd.conf. EMails with spoofed From addresses get
through via rule 8.
Every insightful comment is highly appreciated.
Harri
----------------------------------------------------------------------
xname = "mail.example.de"
pki $xname cert "/etc/ssl/public/mail.example.de.chain.pem"
pki $xname key "/etc/ssl/private/smtpd.key.pem"
pki $xname dhe auto
listen on lo0 tls pki $xname
listen on internal tls pki $xname
listen on external tls pki $xname
table aliases db:/etc/mail/aliases.db
table trusted_mta { 10.1.0.11 10.1.0.22 }
table at_example {"@example.de", "@example.com", "@*.example.de", "@*.example.com"}
table example {"example.de", "example.com", "*.example.de", "*.example.com"}
action "local" mbox alias <aliases>
action "relay_example" relay host smtp://mail.int.example.de helo "mail.example.de"
action "relay_external" relay src { 10.0.0.1 2001:db8:ffff:ffff::1 } helo "mail.example.de"
match from local for local action "local"
match from local for domain <example> action "relay_example"
match from local for any action "relay_external"
match from src <trusted_mta> for domain <example> action "relay_example"
match from src <trusted_mta> for any action "relay_external"
match from any mail-from <at_example> for any reject
match mail-from <at_example> for any reject
match from any for domain <example> action "relay_example"
# the rest is rejected by default
match from any for any reject
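
The gap described in the post, as an added example that is not part of the original message and not OpenSMTPD code: the envelope sender and the "From: " header are separate values, so a message with a foreign envelope sender passes the mail-from rules while its header still claims the local domain. The function names and sample messages are constructed, and matching the <example> table patterns with fnmatch is an assumption that only approximates OpenSMTPD's table matching.

```python
from email import message_from_string
from email.utils import getaddresses
from fnmatch import fnmatchcase

# Domain patterns copied from the <example> table in the smtpd.conf above.
OWN_DOMAINS = ["example.de", "example.com", "*.example.de", "*.example.com"]


def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].strip().rstrip(".").lower()


def is_own_domain(domain):
    # Assumption: shell-style wildcards stand in for OpenSMTPD table matching.
    return any(fnmatchcase(domain, pattern) for pattern in OWN_DOMAINS)


def header_from_domains(raw_message):
    """Domains of every mailbox in every From: header of the message."""
    msg = message_from_string(raw_message)
    values = msg.get_all("From", [])  # a forged message may carry several
    return [domain_of(addr) for _, addr in getaddresses(values)]


def classify(envelope_sender, raw_message):
    """Classify a message arriving from an untrusted source."""
    if is_own_domain(domain_of(envelope_sender)):
        return "envelope-spoof"  # the case the mail-from reject rules cover
    if any(is_own_domain(d) for d in header_from_domains(raw_message)):
        return "header-spoof"    # foreign envelope, header claims our domain
    return "ok"


# Constructed sample messages (not taken from real traffic).
SPOOFED = (
    "From: Boss <boss@example.de>\n"
    "To: harri@example.de\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)
LEGIT = SPOOFED.replace("boss@example.de", "someone@example.org")

if __name__ == "__main__":
    print(classify("bounce@mailer.example.net", SPOOFED))
    print(classify("someone@example.org", LEGIT))
```
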