I presently have a Postfix installation happily delivering mail (webmail/IMAP) for 100+ users at our company, broadly divided among several domains (sales, operations, management, etc). Recently, someone leaked (don't know who, doesn't matter) the collective address for the salespeople to a spam harvester, who is now spear-phishing with that because it goes to 30+ sales employees. The forward looks like this:
[email protected] ====> [email protected], [email protected], [email protected], [email protected]
Each of them is now receiving, via that forwarding address, much spam to contact HR at (malicious link) to update their W-2 address, or collect a secure message, or some such.
The forward was set up with the foreknowledge that such a forward could be misused and probably would be at some point, but political constraints forced its creation before I was able to look into how to limit it, and then it worked and wasn't abused for more than three years. There's probably a commentary on the relative unimportance of my company or an underestimation of human nature in there somewhere.
What I want is only to allow mail to that forwarding address (but not ANY forwarding address, as I have several which are info@ types) only from email addresses in specified domains, i.e. @mycompany.com.
My Postfix installation is using MySQL virtual lookups for domains, forwarding, and users, similar to what's described here and other places on the net. It all works flawlessly at this point, except that some forwards are a little too easy to mail to.
Once again, I only want to limit sender domain for selected forwards, not all forwards. We are presently mitigating this by using the bcc: field when mailing to these lists, so the actual list address doesn't leave the building. This does limit discussion among the recipients via reply-all, not sure if that's a feature or bug at this point.
Probably the best solution would be to use a mailing list or to write custom SpamAssassin rules, but there is also a simple, if a little brittle, way of doing this purely in Postfix using smtpd_recipient_restrictions.

Add the following to smtpd_recipient_restrictions in main.cf:

In /etc/postfix/sender_access, write a rule that permits mycompany.com:

In /etc/postfix/recipient_access, write a rule that blocks mail to [email protected]:

Be sure to recompile these files after any changes by running the postmap command:

The first smtpd_recipient_restrictions rule checks the sender. If it's in the mycompany.com domain, the message is immediately accepted. If not, it will advance to the next rule, which checks the recipient. If it's your salespeople alias, it's rejected. As you can see, it accomplishes what you need, though it's a little inflexible because you can't arbitrarily pair up sender domains with recipient addresses.

If you already have smtpd_recipient_restrictions rules in place, make sure you position these rules so you're not accidentally short-circuiting other rules.

You can probably store the sender_access and recipient_access tables in MySQL instead of files, though I have no experience with that.