Home / server / Questions / 428754
Accepted
malloc4k
Asked: 2012-09-16 11:31:52 +0800 CST

E-mail address spoofing by spammers - how to block it in Postfix/Spamassassin?

  • 772

I run a Postfix mail server using Spamassassin as after-queue filter.

It works quite well, but sometimes I get spam from the network that has correct MAIL FROM: address, but also contains, in DATA: section, different forged address something <at> mydomain.com.

Most e-mail client programs, including Thunderbird and Outlook, displays it using the second ( forged ) address.

I would like to block such messages automatically, but I can't do it using smtpd_recipient_restrictions ( forged address resides in DATA: section ).

It also have nothing to do with SPF since MAIL FROM: ( envelope sender ) address may be correct according to SPF.

Then how can I do it using Postfix settings or Spamassassin rules ?

postfix

1 Answers

  1. Best Answer

    Postfix doesn't care about the mail content. $smtpd_recipient_restrictions look at the envelope-from, not at the From: header in the mail, and you can't use header_checks for this:

    Message headers added by the cleanup(8) daemon itself are excluded from inspection. Examples of such message headers are From:, To:, Message-ID:, Date:.

    Not to mention that it's unwise to block messages where the From: header differs from the envelope-from. Mailing lists for instance will use the mailing list address (or a VERP address) in the envelope, while the original From: address will remain in the body.

    • 3