How to prevent remote hosts from delivering mail to Postfix with spoofed From header?

Posted by Hongli Lai on Server Fault See other posts from Server Fault or by Hongli Lai
Published on 2011-10-13T11:02:52Z Indexed on 2012/07/04 21:18 UTC
Read the original article Hit count: 282

Filed under:

postfix

|

smtp

I have a host, let's call it foo.com, on which I'm running Postfix on Debian. Postfix is currently configured to do these things:

All mail with @foo.com as recipient is handled by this Postfix server. It forwards all such mail to my Gmail account. The firewall thus allows port 25.
All mail with another domain as recipient is rejected.
SPF records have been set up for the foo.com domain, saying that foo.com is the sole origin of all mail from @foo.com.
Applications running on foo.com can connect to localhost:25 to deliver mail, with [email protected] as sender.

However I recently noticed that some spammers are able to send spam to me while passing the SPF checks. Upon further inspection, it looks like they connect to my Postfix server and then say

HELO bar.com
MAIL FROM:<[email protected]>     <---- this!
RCPT TO:<[email protected]>
DATA
From: "Buy Viagra" <[email protected]>   <--- and this!
...

How do I prevent this? I only want applications running on localhost to be able to say MAIL FROM:<[email protected]>. Here's my current config (main.cf): https://gist.github.com/1283647

© Server Fault or respective owner

Related posts about postfix

postfix: Temporary lookup failure

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have followed the tutorials step by step for installing and configuring postfix https://help.ubuntu.com/community/Postfix https://help.ubuntu.com/community/PostfixBasicSetupHowto I am trying to test the services to whether Temporary lookup failure error telnet localhost 25 250 2.1.0 Ok rcpt to:… >>> More
postfix with mailman

as seen on Server Fault - Search for 'Server Fault'
What should happen is that [email protected] should be delivered to that users inbox on localhost, user@localhost. Thunderbird works fine at reading user@localhost. I'm just using a small portion of postfix-dovecot with Ubuntu mailman. How can I get postfix to recognize the FQDN and deliver… >>> More
saslauthd + PostFix producing password verification and authentication errors

as seen on Server Fault - Search for 'Server Fault'
So I'm trying to setup PostFix while using SASL (Cyrus variety preferred, I was using dovecot earlier but I'm switching from dovecot to courier so I want to use cyrus instead of dovecot) but I seem to be having issues. Here are the errors I'm receiving: ==> mail.log <== Aug 10 05:11:49 crazyinsanoman… >>> More
centos postfix send email problem

as seen on Server Fault - Search for 'Server Fault'
Hello. I have a big problem with postfix. I can receive mail in webmin and outlook but I can't send (only on local I can - user to user). Dovecot is working just fine. Sendmail is disable. Please help me. postfix -n postfix: invalid option -- n postfix: fatal: usage: postfix [-c config_dir] [-Dv]… >>> More
Migrating users and mailboxes from postfix / Maildir to Postfix with Mysql backend

as seen on Server Fault - Search for 'Server Fault'
So I've got 60 or so users on a hand rolled postfix installation on openbsd and I'd like to move their mailboxes to our new mail server running iRedMail (postfix, vmail/mysql back end) Does anyone know of a good way to do this? Preferably a script I can run to keep syncing the users mailboxes as… >>> More

Related posts about smtp

JavaMail not sending Subject or From under jetty:run-war

as seen on Stack Overflow - Search for 'Stack Overflow'
Has anyone seen JavaMail not sending proper MimeMessages to an SMTP server, depending on how the JVM in started? At the end of the day, I can't send JavaMail SMTP messages with Subject: or From: fields, and it appears other headers are missing, only when running the app as a war. The web project… >>> More
Gmail smtp, Blackberry, BB, socketConnection, send email via gmail smtp programmatically

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello! Somebody can help me how can i use the gmail smtp server programmatically via socketConnection. My question is how i can write write a TSL/SSL authentication because i can`t communicate with the server?? Somebody did it from java on blackberry ? Thank You Alex >>> More
How to resovle javax.mail.AuthenticationFailedException issue?

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am doing a sendMail Servlet with JavaMail. I have javax.mail.AuthenticationFailedException on my output. Can anyone please help me out? Thanks. sendMailServlet code: try { String host = "smtp.gmail.com"; String from = "[email protected]"; String pass = "pass"; Properties… >>> More
Debugging Messaging Exception

as seen on Stack Overflow - Search for 'Stack Overflow'
We have a batch program that incorporates JavaMail 1.2 that sends emails. In our development environment, we haven't got the chance to encounter the above mentioned exception. But in the client's environment, they had experienced this a lot of times with the following error trace: javax.mail.MessagingException:… >>> More
Postfix Submission port issue

as seen on Server Fault - Search for 'Server Fault'
I have setup postfix+mailman on my debian server and i have an issue with postfix submission port. My ISP blocks SMTP on port 25 to prevent *spams and i must to use submission port (587). I have uncomment the following line from master.cf (/etc/postfix/) but nothing happens. submission inet… >>> More