On 22 Mar 2019, at 19:45, Bill Cole
<postfixlists-070...@billmail.scconsult.com> wrote:
> Do not accept mail claiming to be from any address in a local domain on the
> port 25 (smtp) smtpd service. Only accept such mail via port 587 (submission)
> and 465 (smtps) services configured to require authentication.
And the way to do this is:
/etc/postfix/sender_access.pcre:
/^@/ 550 Invalid address format.
/[!%\@].*\@/ 550 This server disallows weird address syntax.
/@kreme.com$/ 450 Spoofing local domain?
/^postmas...@kreme.com$/ 550 Don't Spoof as my postmaster
/^postmaster\@/ OK
/^hostmaster\@/ OK
/^abuse\@/ OK
main.cf:
smtpd_recipient_restrictions = {stuff} check_sender_access
pcre:$config_directory/sender_access.pcre, permit
This very rarely triggers for me because mail gets rejected by the previous
criteria in nearly all cases:
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination,
reject_non_fqdn_sender, reject_non_fqdn_recipient,
reject_unknown_sender_domain, reject_invalid_hostname,
reject_unlisted_recipient, reject_unlisted_sender,
reject_unknown_reverse_client_hostname, warn_if_reject
reject_unknown_client_hostname, check_recipient_access
hash:$config_directory/recipient_access, check_sender_access
pcre:$config_directory/sender_access.pcre, permit
