On Tue, Jan 13, 2009 at 3:32 PM, Noel Jones <njo...@megan.vbhcs.org> wrote: > Bruno GRANDJEAN wrote: >> >> thks for replying to me so quickly, I will add a: >> reject_rbl_client zen.spamhaus.org >> in my /etc/postfix/main.cf >> I already added : >> reject_rbl_client ips.backscatterer.org >> >> how can I reject mail from outside claiming to be from my domain? > > [plain-text only please] > [please don't top post] > > something like: > smtpd_sender_restrictions = > permit_mynetworks > check_sender_access hash:/etc/postfix/not_my_domain > > # not_my_domain > example.com REJECT > > This is not without risk. Some legit mail (mostly notification services and > some mail lists) will arrive with your domain as sender, but this might help > as a short-term solution to your problem. > > Don't be tempted to reject your domain in the From: header, that would > reject a great deal of legit mail - such as your postings to this list. >
we use a home grown policy filter for various things, I have been thinking about adding smtp to=from checks since it's almost zero additional resources to do. is it practical to attempt a sort of whitelist to allow the valid cases and then block the rest? is this a stupid idea? unfortunately SPF isn't an easy solution because we handle mail for many organizations and we haven't gotten much cooperation from them, but if that is a better way then I will keep harping on it. -Aaron
