Aaron Wolfe wrote:
we use a home grown policy filter for various things, I have been thinking about adding smtp to=from checks since it's almost zero additional resources to do. is it practical to attempt a sort of whitelist to allow the valid cases and then block the rest? is this a stupid idea? unfortunately SPF isn't an easy solution because we handle mail for many organizations and we haven't gotten much cooperation from them, but if that is a better way then I will keep harping on it. -Aaron
I can certainly imagine this blocking legit mail, but if you get a large amount of spam such a rule would block, go for it. As you said, adding such a check to an existing policy server adds practically zero overhead. Just keep an eye on it, especially at first.
There may be better ways to block what you are getting. Examine the postfix logs and the unwanted mail and look for patterns other than the From=To, such as the client being listed on some RBL, client in dynamic/home user space, rogue ISP, suspect HELO name, etc.
-- Noel Jones
