On 2011-04-01 11:22:04 (-0500), Vernon A. Fort <[email protected]> wrote: > I'm trying to find a way to block/reject inbound messages forging our > internal email addresses. Meaning their inbound messages using MY email > address but there not originating from my server. > > I cannot seem to find the correct solution. Anyone. > > Vernon >
With restriction classes you can drop this spoofing. Key is to first seperate your own server(s) (e.g. by giving them an OK before this check). Afterwards if the sender-domain matches any of your domain it must be spoofing (as only external servers reach this check) and you can just reject it.
