Block email faking to be from our domain but coming from outside?

Peter Lemieux mailscanner at replies.cyways.com
Fri Jun 8 15:48:26 UTC 2018


I find these problems more easily resolved at the SMTP level.  I use 
sendmail and its access.db mechanism for this task.  My /etc/mail/access 
file permits mail from localhost and specific local networks, then has a 
generic REJECT rule for any other mail with From's spoofing my domain. 
Something like this:

Connect:127.0.0.1          RELAY
Connect:10.10.10.          RELAY

From:mydomain.com          REJECT

[etc.]

.                          REJECT

You could replace 10.10.10. with the Exchange server's IP.

I also manage a postfix server where we use a different method.  In main.cf 
we have

smtpd_sender_restrictions = reject_unknown_sender_domain,
    check_sender_access pcre:/etc/postfix/sender_access

and the sender_access file contains

# no mail from outsiders claiming to be us (bare domain or any subdomain)
/[@.]mydomain\.com$/       REJECT


See "man access" and http://www.postfix.org/SMTPD_ACCESS_README.html.

Peter


On 06/08/2018 05:35 AM, Remco Barendse wrote:
> See more and more messages incoming with fraud attempts. The mail is 
> constructed to look like someone in our organization sent it and is 
> addressed to people within the organization.
> 
> Is there any way to block email with a sender that pretends to be coming 
> from @myowndomain.com but coming from outside?
> 
> I use Exchange and all real email is coming only from Exchange, never from 
> outside.
> 
> What would be the right way to do it?
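
Added example (not part of the original thread and not Postfix code): a small Python model of the Postfix sender check described in the reply, run over constructed envelopes. It assumes `permit_mynetworks` is placed ahead of `check_sender_access` so the Exchange host is exempt; the 10.10.10.5 Exchange address, the sample senders and the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: mynetworks holds localhost and the Exchange server (constructed IP).
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.10.10.5/32")]

# sender_access patterns. Postfix pcre tables match case-insensitively by
# default and are applied to the whole envelope sender (MAIL FROM) address.
BARE_AND_SUB = re.compile(r"[@.]mydomain\.com$", re.IGNORECASE)
SUB_ONLY = re.compile(r"\.mydomain\.com$", re.IGNORECASE)  # leading dot only


def sender_decision(client_ip, mail_from, pattern=BARE_AND_SUB):
    """Model 'permit_mynetworks, check_sender_access pcre:...' for one MAIL FROM."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in MYNETWORKS):
        return "PERMIT"   # permit_mynetworks ends the sender restriction list
    if pattern.search(mail_from):
        return "REJECT"   # outside client using our domain as envelope sender
    return "DUNNO"        # no match: later restrictions decide


# Constructed envelopes: (client IP, MAIL FROM)
SAMPLES = [
    ("10.10.10.5", "ceo@mydomain.com"),               # Exchange relaying outbound
    ("203.0.113.7", "ceo@mydomain.com"),              # outsider, bare domain
    ("203.0.113.7", "CEO@MyDomain.COM"),              # case variation
    ("203.0.113.7", "it@mail.mydomain.com"),          # outsider, subdomain
    ("203.0.113.7", "bob@notmydomain.com"),           # different domain
    ("203.0.113.7", "bob@mydomain.com.example.net"),  # our name not at the end
    ("198.51.100.9", "alice@example.org"),            # ordinary inbound mail
]

if __name__ == "__main__":
    for ip, sender in SAMPLES:
        print(f"{ip:<14} {sender:<32} "
              f"{sender_decision(ip, sender):<7} "
              f"leading-dot pattern: {sender_decision(ip, sender, SUB_ONLY)}")
```

The second column of output shows that a pattern requiring a leading dot only catches subdomain senders, while `[@.]` also covers addresses directly at the domain.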

