check_sender_access - restrict email from bogus sender

Question

Free Tibet Author

Level 1

21 points

check_sender_access - restrict email from bogus sender

Hi,

I am wondering how to bounce email pretending to be from one of our domains on our system.

for instance if we say

eric@*****

is my email address and

mydomain.com

is my domain for email on our OS X server....

how do we stop anyone sending in email pretending to be eric@*****

I guess you would use check_sender_access somehow to restrict sender address' being anything other than mydomain.com if not from our system.

This is slightly complicated by the fact we use a web based bulk mail system in the cloud which also sends emails out to our clients.

Posted on Nov 18, 2015 2:53 AM

Reply

Answer 1

UptimeJeff

Level 4

3,479 points

Feb 4, 2016 7:39 PM in response to Free Tibet

The question is a bit old... but its a great topic.

We all know:

SMTP/Port 25: is generally used for incoming mail from other servers

SMTP-Submission/Port 465 or 587: used for mail submission from users

Port 25 can be setup to only accept mail for local delivery (no relay for users) and to deny a From address matching local domains.

This prevents spammers from relaying on port 25, even with smtp credentials - and it prevents mail forged with a from address in your domain delivered to your users.

Doing this requires that you can force staff to use the submission port. This has gotten a little tougher because yosemite+ mail client will auto-detect SMTP ports and will try port 25 when you really don't want it to. You could alway put From:You in sender_access for port 25, but have no sender_access on port 25.

This would allow you (just you) to be shielded from anyone delivering on port 25 with your email in the From address.

HTH

Jeff

Reply