Block email faking to be from our domain but coming from outside?

David Jones djones at
Mon Jun 11 11:21:53 UTC 2018

On 06/11/2018 04:37 AM, Remco Barendse wrote:
> Thanks for your comments and help :)
> Tried the rules below but stops all inbound email with 
> a relaying denied message even though i have in the 
> mailertable.
> I tried adding :
>    RELAY
> But then when i telnet to the mailserver it still says :
> MAIL FROM: <support at> 250 2.1.0 <support at>... 
> Sender ok
> Also, now have a simple line with ip of the exchange server and RELAY 
> behind it, when i change that Connect:localip     OK
> it doesn't relay mail anymore.
> I am missing something very obvious here?

I don't recommend solving this problem this way if your MailScanner 
server is handling both inbound and outbound mail filtering for your domain.

Tune your SA a bit to solve this and it will help improve your filtering 
accuracy overall.  Make sure your SA trusted_networks and 
internal_networks are setup correctly for your network and mail flow and 
then use the ALL_TRUSTED rule hit in a meta rule to block the fake 
inbound emails from the Internet.

shortcircuit ALL_TRUSTED off
score ALL_TRUSTED -0.2

header	__FROM_MYDOMAIN_COM	From:addr =~ /\@mydomain\.com/i


The From:addr above will be the visible From: header in the mail client 
that is protected by DMARC.  If you are getting spoofed envelop-from 
domain that is protected by SPF, then you need to handle this a little 

I recommend installing python-postfix-policyd-spf, opendkim, and 
opendmarc as milters in Postfix.  Only run them on the smtpd_milters and 
not on the non_smtpd_milters with MailScanner.  Then you will have extra 
headers to check in SA in local rules to better integrate SPF, DKIM, and 
DMARC into SA.

David Jones

More information about the MailScanner mailing list