DevHeads.net

Stopping acceptence from unowned networks address as from my domains

I got this email, which I thought I set up postfix to block

From <a href="mailto: ... at mrbrklyn dot com"> ... at mrbrklyn dot com</a> Wed Feb 6 06:26:12 2019
Return-Path: < ... at mrbrklyn dot com>
X-Original-To: <a href="mailto: ... at mrbrklyn dot com"> ... at mrbrklyn dot com</a>
Delivered-To: <a href="mailto: ... at mrbrklyn dot com"> ... at mrbrklyn dot com</a>
Received: from mail.isentia.asia (mail.mediabanc.ws [203.223.144.88])
by mrbrklyn.com (Postfix) with ESMTP id BE463161132
for < ... at mrbrklyn dot com>; Wed, 6 Feb 2019 06:25:50 -0500 (EST)
Received: from fixed-187-189-92-126.totalplay.net (187.189.92.126) by
mail.mediabanc.ws (10.61.3.33) with Microsoft SMTP Server id
8.1.240.5; Wed,
6 Feb 2019 15:36:09 +0800
Message-ID: <20190206014006. ... at mrbrklyn dot com>
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-UID: 55347
Status: RO
Content-Length: 36872
Lines: 561

This is addressed as me in the From line and came from outside my
local network

I want domain being accepted From my domain only is it comes from within
the local network

Comments

Re: Stopping acceptence from unowned networks address as from my

By Lucius Rizzo at 02/07/2019 - 10:53

On Wed, Feb 06, 2019 at 08:44:40PM -0500, Ruben Safir wrote:
Setup SPFi (SPF hardfail) , DKIM, DMARC properly

Re: Stopping acceptence from unowned networks address as from my

By Ruben Safir at 02/07/2019 - 14:04

postfix can do this without further infrastructure

On Thu, Feb 07, 2019 at 07:53:38AM -0800, Lucius Rizzo wrote:

Re: Stopping acceptence from unowned networks address as from my

By =?UTF-8?Q?Franc... at 02/06/2019 - 23:24

I asked  the same and Vietse Venema answer this:

Postfix 3.0 and later:

/etc/postfix/main.cf:
     smtpd_sender_restrictions =
         permit_mynetworks
         permit_sasl_authenticated
         check_sender_access inline:{
             { example.com = REJECT local sender from unauthorized
client }
             { other.example = REJECT local sender from unauthorized
client }
         }

Instead of example.com and other.example, specify your email domains.

Note: this breaks email from remote mail forwarders or from remote
distribution lists that don't reset the sender address.

this worked perfectly for me

*************************************************************************************************
Este mensaje y todos los archivos adjuntos son confidenciales y de uso exclusivo por parte
de su/sus destinatario/s. Si usted ha recibido este mensaje por error, le agradecemos que
lo notifique inmediatamente al remitente y destruya el mensaje. Queda prohibida cualquier
modificación, edición, uso o divulgación no autorizados. El Emisor no se hace responsable
de este mensaje si ha sido modificado, distorsionado, falsificado, infectado por un virus o
editado o difundido sin autorización.

***********************************************************************************************
This message and any attachments are confidential and intended for the named addressee(s) only.
If you have received this message in error, please notify immediately the sender, then delete
the message. Any unauthorized modification, edition, use or dissemination is prohibited.
The sender shall not be liable for this message if it has been modified, altered, falsified, infected
by a virus or even edited or disseminated without authorization.
***********************************************************************************************

El 07/02/2019 a las 2:44, Ruben Safir escribió:

Re: Stopping acceptence from unowned networks address as from my

By lists at 02/07/2019 - 20:30

On Thu, 7 Feb 2019 05:24:08 +0100

I'm having trouble finding check_sender_access AND inline. Is inline
some way of not using hash? For example, I have:

check_sender_access hash:/etc/postfix/sender_checks,

Maybe I'm using this wrong. I have this set up to whitelist addresses.
That is my sender_checks looks like

<a href="mailto: ... at ok dot com"> ... at ok dot com</a> OK

I'm not using this to reject anything.

Re: Stopping acceptence from unowned networks address as from my

By Dominic Raferd at 02/08/2019 - 02:17

On Fri, 8 Feb 2019 at 01:31, <a href="mailto: ... at lazygranch dot com"> ... at lazygranch dot com</a> < ... at lazygranch dot com>
wrote:

re inline see <a href="http://www.postfix.org/DATABASE_README.html" title="http://www.postfix.org/DATABASE_README.html">http://www.postfix.org/DATABASE_README.html</a>

What you are doing is fine but whitelisting in general carries risk and
whitelisting on the envelope sender especially because this parameter is
easily faked and it will not usually be seen by the recipient. I use
check_sender _access whitelisting only for a few cases where legitimate
mails have previously been wrongly blocked by subsequent RBL or
reject_unknown_reverse_client_hostname tests. (If your RBL tests are done
inside postscreen then local whitelisting by envelope sender is too late I
think.) I do however use check_sender_access for blacklisting (REJECT) and
for spam scoring.

Re: Stopping acceptence from unowned networks address as from my

By lists at 02/06/2019 - 20:59

When spammers do this to me, I get a bounced mail due to SPF issues since it really isn't from my server. So maybe something SPF related can do what you want.

  Original Message  

I got this email, which I thought I set up postfix to block

From ... at mrbrklyn dot com  Wed Feb  6 06:26:12 2019
Return-Path: < ... at mrbrklyn dot com>
X-Original-To: <a href="mailto: ... at mrbrklyn dot com"> ... at mrbrklyn dot com</a>
Delivered-To: <a href="mailto: ... at mrbrklyn dot com"> ... at mrbrklyn dot com</a>
Received: from mail.isentia.asia (mail.mediabanc.ws [203.223.144.88])
        by mrbrklyn.com (Postfix) with ESMTP id BE463161132
        for < ... at mrbrklyn dot com>; Wed,  6 Feb 2019 06:25:50 -0500 (EST)
Received: from fixed-187-189-92-126.totalplay.net (187.189.92.126) by
        mail.mediabanc.ws (10.61.3.33) with Microsoft SMTP Server id
        8.1.240.5; Wed,
        6 Feb 2019 15:36:09 +0800
Message-ID: <20190206014006. ... at mrbrklyn dot com>
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-UID: 55347
Status: RO
Content-Length: 36872
Lines: 561

This is addressed as me in the From line and came from outside my
local network

I want domain being accepted From my domain only is it comes from within
the local network

Re: Stopping acceptence from unowned networks address as from my

By Andrey Repin at 02/07/2019 - 09:39

Greetings, Gary!

I'm explicitly rejecting any attempt to push mails with $mydomain in From
through public mail exchanger. If it is internal correspondence from domain
members, they should use submission service, which allows such mails.