> -----Original Message----- > From: Clunk Werclick [mailto:clunk.wercl...@wibblywobblyteapot.co.uk] > Sent: Wednesday, July 29, 2009 11:34 PM > To: Nick Sharp > Cc: 'postfix-users' > Subject: RE: Stop spammers sending us spam from users in our domain... > > On Wed, 2009-07-29 at 23:26 +0930, Nick Sharp wrote: > > > > > > > This is how I block those pesky spoof mail spams; > > > > > > EDIT main.cf > > > smtpd_recipient_restrictions = > > > permit_mynetworks > > > permit_sasl_authenticated > > > reject_unauth_destination > > > .... > > > check_sender_access hash:/etc/postfix/spoofprotection > > > > > > > > > CREATE /etc/postfix/spoofprotection > > > #spoof protection > > > domain1.com REJECT we dont mail ourselves > > > domain2.com REJECT we dont mail ourselves > > > > > > BUILD MAP TO IT > > > postmap /etc/postfix/spoofprotection > > > > > > RELOAD > > > postfix reload > > > > > > Caveats; > > > Breaks forwarding (where this is relevant) > > > Other caveats may exist too and someone else may point out a better > way > > > or other issues. This has worked for me and I am very happy with > it. > > > > > > > Thanks Clunk, > > This looks like the way to go, both Brian and yourselves concur.. > > > > Just about to test this, but wanted to confirm your 'breaks > forwarding' > > caveat, I do have some transports configured, and internal filters > (amavis > > and procmail) but it sounds like these should be ok, can you > elaborate a > > little? (the mail serve is stupid busy at around 15000 mails a day - > thats > > delivered mail!! So want to be sure.. 1 min of problems means a lot > of mail > > to find/verify :) > > > > Thanks Again. > > Nick > > > > > My apologies for the terse caveat. As I understand it, there are some > external mail services that roaming users may use that forward mail > into > your Postfix claiming to be from your domain. Myself I do not use this. > Relations in England talk of this with Blackberry and O2 when using > IPhone but these are far too modern for me to understand. > > Please hope an expert comes along and soon with a fuller answer, but I > think you will be mostly safe with that. If there should be a problem > your sender will no right away in most cases. > --
Ahh I have both and iphone and users with blackberry, and with the current configuration they should have sasl configured or they could only email our own domains.. this will weed out those who don't have the right setup on their client :) Thanks again. Fire in the hole, fire in the hole, fire in the hole!! Nick
