Block email faking to be from our domain but coming from outside?

Peter Lemieux mailscanner at
Fri Jun 8 15:48:26 UTC 2018

I find these problems more easily resolved at the SMTP level.  I use 
sendmail and its access.db mechanism for this task.  My /etc/mail/access 
file permits mail from localhost and specific local networks, then has a 
generic REJECT rule for any other mail with From's spoofing my domain. 
Something like this:

Connect:          RELAY
Connect:10.10.10.          RELAY          REJECT


.                          REJECT

You could replace 10.10.10. with the Exchange server's IP.

I also manage a postfix server where we use a different method.  In 
we have

smtpd_sender_restrictions = reject_unknown_sender_domain,
    check_sender_access pcre:/etc/postfix/sender_access

and the sender_access file contains

# no mail from outsiders claiming to be us
/\.mydomain\.com$/         REJECT

See "man access" and


On 06/08/2018 05:35 AM, Remco Barendse wrote:
> See more and more messages incoming with fraud attempts. The mail is 
> constructed to look like from someone in our organization sent it and is 
> addressed to people within the organization.
> Is there any way to block email with a sender that pretends to be coming 
> from but coming from outside?
> I use Exchange and all real email is coming only from Exchange, never from 
> outside.
> What would be the right way to do it?

More information about the MailScanner mailing list