I have a postfix server correctly configured to allow incoming mail to my domain, and to require authentication in order to send mail to any other network.
A lot of spam that I get has a forged "from" address of non-existent users at my own domain. SPF could stop this, and I have SPF configured in my DNS, but I'm not sure I want to go the route of fully blocking all SPF fails at the SMTP level.
Is there a quick postfix configuration item I can add that would reject incoming email which is FROM mydomain and wasn't authenticated?
To be very specific, this is my postfix conf:
smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions =
permit_sasl_authenticated,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_rhsbl_sender dbl.spamhaus.org,
permit
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_helo_restrictions = reject_unknown_helo_hostname, reject_invalid_helo_hostname
yet it is still possible to connect to port 25 and
MAIL FROM: [email protected]
RCPT TO: [email protected]
without authenticating.