1

I'm getting a high volume of spam with the sender faked as my own email address, i.e. from name@example.com.

Now all emails from my domain example.com are sent using a particular server. How can I set up a procmail filter (or other filter) to delete all emails purporting to originate from example.com which are not sent through this particular SMTP server?

Or perhaps there's a better way to do this with the SMTP server itself (postfix).

EDIT: the spam is coming from multiple SMTP servers. I guess I just want a rule to say if there is an email of the form xxx@example.com and it does not come from SMTP server mail.example.com, then the email should be blocked.

EDIT: I'll go with the SPF option, though if someone can also show how it can be done with procmail, I would be interested to learn this also.

2 Answers

0

If you know it's only a single SMTP server (and single IP) that you want to block, I'd suggest using iptables or something like that. Better to prevent the e-mail from even being processed by the server. You can do that with a line like this:

iptables -A INPUT -s 71.230.228.47 -j DROP

Keep in mind though, that this won't prevent the spoofed e-mail. It will only prevent that particular server (IP) from sending you anything.

Edit: Ah, apparently I really misread "particular SMTP server." Another quick solution using procmail like you suggested can be found here. You can pull the IP address into a variable, and then use that in the procmail recipe to check against your server's IP. This is definitely just the "quick-fix" solution, as topdog's answer about SPF is the more robust solution.

Paul Kroon
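The check described in the answer above (compare the connecting server's IP with your own relay's), written out as an added Python example that is not part of the original answers. The relay address 192.0.2.25, the receiving host name and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "example.com"
TRUSTED_RELAY_IPS = {"192.0.2.25"}  # assumed address of mail.example.com

# Postfix writes the connecting client as "from helo (rdns [ip])".
CLIENT_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")


def client_ip(msg):
    """IP recorded by our own MTA, or None for locally submitted mail."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    # Only the topmost Received line was added by our server; every line
    # below it arrived with the message and can be forged by the sender.
    match = CLIENT_IP.search(received[0])
    return match.group(1) if match else None


def is_spoofed(raw_message):
    """True when From: claims our domain but the client was not our relay."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain != OWN_DOMAIN:
        return False
    ip = client_ip(msg)
    return ip is not None and ip not in TRUSTED_RELAY_IPS


# Constructed sample messages (not taken from real traffic). The second
# Received line in FORGED is a sender-supplied fake naming the trusted relay.
FORGED = """\
Received: from mx.invalid (unknown [203.0.113.9])
\tby inbox.example.net (Postfix) with ESMTP id 4A1B2C
Received: from mail.example.com (mail.example.com [192.0.2.25])
\tby mx.invalid with ESMTP
From: Name <name@example.com>
Subject: forged

body
"""
GENUINE = FORGED.replace("mx.invalid (unknown [203.0.113.9])",
                         "mail.example.com (mail.example.com [192.0.2.25])", 1)
OUTSIDE = FORGED.replace("name@example.com", "someone@example.org")
```

This looks at the header From after delivery, whereas SPF evaluates the envelope sender during the SMTP session, so the two checks are not equivalent.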
0

SPF and DKIM are designed to stop this sort of thing. You can block those mails at the MTA level, without accepting them, using either SPF or DKIM.

topdog
  • Thanks. I may end up implementing SPF, but was hoping there might be an easier 'quick fix' solution. –  Jul 23 '10 at 09:27