Hi, I'm already using:
smtpd_sender_restrictions = reject_unlisted_sender, check_sender_access hash:/etc/postfix/sender_access reject_unknown_sender_domain, reject_non_fqdn_sender, permit But the "loophole" here is that blank sender/return-path is allowed (MAILER DAEMON), I could prohibit that, but with huge caveats. > On 22 Aug 2022, at 17:20, post...@ptld.com wrote: > > This isn't the complete answer to your problem, but one of the puzzle pieces > that might help your situation. > > smtpd_recipient_restrictions = reject_non_fqdn_sender > http://www.postfix.org/postconf.5.html#reject_non_fqdn_sender > > >> We have received a big batch of phishing emails that was not properly >> detected (hence not blocked). They all shared a special characteristic: >> To: Recipients >> From: Administrateur >> Reply-To: <nore...@admin.fr> >> Return-Path: <> >> To and From are not qualified email addresses, Reply-To is bogus but >> qualified even though admin.fr does not have an MX record. Envelope Mail >> From / Return-Path is blank. >> Is there a proper way to block this kind of junk in Postfix or do I have to >> rely on my antispam (that will need tuning, obviously)? >