On 22 Mar 2019, at 19:45, Bill Cole <postfixlists-070...@billmail.scconsult.com> wrote:
> Do not accept mail claiming to be from any address in a local domain on the
> port 25 (smtp) smtpd service. Only accept such mail via port 587 (submission)
> and 465 (smtps) services configured to require authentication.

And the way to do this is:

/etc/postfix/sender_access.pcre:

    /^@/                        550 Invalid address format.
    /[!%\@].*\@/                550 This server disallows weird address syntax.
    # The first matching rule wins, so the specific postmaster rule
    # must come before the broader local-domain rule.
    /^postmas...@kreme.com$/    550 Don't Spoof as my postmaster
    /@kreme.com$/               450 Spoofing local domain?
    /^postmaster\@/             OK
    /^hostmaster\@/             OK
    /^abuse\@/                  OK

main.cf:

    smtpd_recipient_restrictions = {stuff}
        check_sender_access pcre:$config_directory/sender_access.pcre,
        permit

This very rarely triggers for me because mail gets rejected by the previous criteria in nearly all cases:

    smtpd_recipient_restrictions = permit_mynetworks,
        reject_unauth_destination,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_invalid_hostname,
        reject_unlisted_recipient,
        reject_unlisted_sender,
        reject_unknown_reverse_client_hostname,
        warn_if_reject reject_unknown_client_hostname,
        check_recipient_access hash:$config_directory/recipient_access,
        check_sender_access pcre:$config_directory/sender_access.pcre,
        permit
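
A Postfix pcre table returns the action of the first rule that matches the whole sender address, so the relative order of a specific rule and a broader one decides which reply a sender gets. The following is an added example, not part of the original message: it evaluates a constructed table modelled on the one above, with example.com as an assumed stand-in for the local domain, in two rule orders and reports rules that never fire.

```python
import re

# Constructed table modelled on sender_access.pcre; example.com is a stand-in
# for the local domain (assumption, not a value from the post).
SHADOWED = [
    (r"^@", "550 Invalid address format."),
    (r"[!%@].*@", "550 This server disallows weird address syntax."),
    (r"@example\.com$", "450 Spoofing local domain?"),
    (r"^postmaster@example\.com$", "550 Don't Spoof as my postmaster"),
    (r"^postmaster@", "OK"),
    (r"^abuse@", "OK"),
]
# Same rules with the specific postmaster rule moved above the domain rule.
ORDERED = SHADOWED[:2] + [SHADOWED[3], SHADOWED[2]] + SHADOWED[4:]


def lookup(table, sender):
    """Return (rule_index, action) of the first matching rule, or None.

    Mirrors pcre_table(5): rules are tried in file order, the first match
    wins, and matching is case-insensitive by default.
    """
    for i, (pattern, action) in enumerate(table):
        if re.search(pattern, sender, re.IGNORECASE):
            return i, action
    return None


def dead_rules(table, samples):
    """Patterns that win for no sample sender: candidates for being shadowed."""
    results = (lookup(table, s) for s in samples)
    hit = {r[0] for r in results if r is not None}
    return [table[i][0] for i in range(len(table)) if i not in hit]


SAMPLES = [  # constructed envelope senders
    "@example.org", "a%b@example.net", "alice@example.com",
    "postmaster@example.com", "postmaster@example.org",
    "abuse@example.org", "bob@example.org",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:24} shadowed={lookup(SHADOWED, s)} ordered={lookup(ORDERED, s)}")
    print("never fires (shadowed order):", dead_rules(SHADOWED, SAMPLES))
    print("never fires (ordered):", dead_rules(ORDERED, SAMPLES))
```

Against a live server, `postmap -q "sender@domain" pcre:/etc/postfix/sender_access.pcre` performs the same single lookup with Postfix's own matcher.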