On Thu, Aug 27, 2009 at 4:29 AM, Voytek Eymont<[email protected]> wrote: > > On Wed, August 26, 2009 5:49 am, ghe wrote: > >> I've done this by declaring my own internal domain names: slsware.dmz >> and .lan in the 192.168 1918 IP block and adding them to mynetworks. Then I >> just reject all mail from my .com domain by putting "check_helo_access >> hash:/etc/postfix/helo_checks" very early in the >> smtpd_recipient_restrictions: > >>> # This file has to be "compiled" with postmap >>> # postmap hash:/etc/postfix/helo_checks ; postfix reload >>> >>> >>> localhost REJECT You are not localhost slsware.com >>> REJECT No, no, no. >>> You send *to* slsware.com >>> .slsware.com REJECT No, no, no. You send *to* slsware.com > What if the spammer does the following?
EHLO mail.otherdomain.com MAIL FROM: [email protected] RCPT TO:[email protected] In that case, would the forged email be rejected with check_helo_access? > I have that for my own domain > > do I add all the domains that are on my mailserver ? > or just for the domain that runs the mail server (and MX) ? > > > > -- > Voytek > >
