On 23/04/2019 18:34, Bill Cole wrote:
On 23 Apr 2019, at 11:46, John Peach wrote:

On 4/23/19 11:39 AM, Paul wrote:
Yes I agree with Kevin here, the best solution to this problem is an SPF record set to reject mail from any IP that’s not in your allowed list of IPs for your domain. Forging a from address is very easy and is one of the main purposes of why SPF was created.

There is no need to go to those lengths - assuming that all your own email is being submitted over port 587, include -o receive_override_options=no_header_body_checks in the master.cf entry for submission and use a PCRE header checks file for port 25.

/^From:.*\@example\.com/    REJECT


So you don't want to accept messages you or anyone else in your domain posts to a mailing list such as this one?

Seems risky...


I hadn't thought of that, so thanks Bill for pointing it out.

To the top of my pcre header_checks file, I have added:
/^List-ID:.*Postfix users <postfix-users@postfix.org>/    OK
I think this is destined to fail though???

'header_checks.5' states:
'Each message header or message body line is compared against a list of patterns.' Because "From:" will come before "List-Id:" in the message body, a "From:" containing my domain should match a REJECT line before an OK from List-ID.

However, further down header_checks.5 under 'Table search Order' it says:
'When a pattern is found that matches the input line, the corresponding action is executed and then the next input line is inspected.'

So if the action is executed, goodbye message, but if header checks continues to check the following lines it will find an OK by List-Id. I suspect that I will not receive a copy of this message, but don't know for sure. One way to find out {SEND}.


Best wishes,
Mick.
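
An added illustration (not part of the thread and not Postfix code) of the per-header lookup that the quoted header_checks(5) passages describe: each header line is matched on its own, the first matching pattern decides that line only, and header_checks(5) documents OK as being treated like DUNNO. The two patterns are the ones posted above; the function names and sample headers are constructed for the example.

```python
import re

# The two rules from the thread, in the order Mick describes (List-ID line on top).
RULES = [
    (r"^List-ID:.*Postfix users <postfix-users@postfix.org>", "OK"),
    (r"^From:.*\@example\.com", "REJECT"),
]

def check_header(line, rules=RULES):
    """Return the action of the first rule that matches this single header line."""
    for pattern, action in rules:
        # Postfix pcre tables match case-insensitively by default.
        if re.search(pattern, line, re.IGNORECASE):
            # header_checks(5): OK is accepted but treated as DUNNO,
            # i.e. "no decision for this line, inspect the next input line".
            return "DUNNO" if action == "OK" else action
    return "DUNNO"

def check_message(headers, rules=RULES):
    """Look up every header independently; a REJECT on any one line rejects the message."""
    verdicts = [(h, check_header(h, rules)) for h in headers]
    final = "REJECT" if any(a == "REJECT" for _, a in verdicts) else "ACCEPT"
    return final, verdicts

# Constructed sample: a list copy of a post written from inside example.com.
LIST_COPY = [
    "From: Mick <mick@example.com>",
    "To: postfix-users@postfix.org",
    "List-Id: Postfix users <postfix-users@postfix.org>",
    "Subject: Re: header_checks question",
]

# Constructed sample: a list copy of a post written by someone in another domain.
OTHER_POSTER = [
    "From: Someone Else <someone@example.net>",
    "List-Id: Postfix users <postfix-users@postfix.org>",
    "Subject: Re: header_checks question",
]

if __name__ == "__main__":
    for name, msg in (("list copy, own domain", LIST_COPY), ("list copy, other domain", OTHER_POSTER)):
        final, verdicts = check_message(msg)
        print(f"{name}: {final}")
        for header, action in verdicts:
            print(f"    {action:7} {header}")
```

In this model the position of the List-ID rule in the table makes no difference, because that rule is never consulted in a way that affects the From: line's lookup.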
