<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /></head><body><div data-html-editor-font-wrapper="true" style="font-family: arial, sans-serif; font-size: 13px;"><div><div><div style="font-family: arial, sans-serif;font-size: 13px"><div><div><div style="font-family: arial, sans-serif;font-size: 13px"> <br>Hi Bilal,<br><br>OK, so the spam you get seems to be sent directly to your mailserver. Spambot A) is connecting directly to your mail.dom123.com:25 and says "hey, I am <a target="_blank" rel="noopener noreferrer" href="mailto:bilal@123.com">bilal@123.com</a> and I have a mail for <a target="_blank" rel="noopener noreferrer" href="mailto:contact@123.com">contact@123.com</a>" and your postfix should, before MailScanner is even scanning for spam, reject this sender domain address, because it's not sent by your internal IPs.<br><br>Make sure you have all the IP ranges from your internal network configured in /etc/main.cf in mynetworks =, in my case it looks like this:<br><br>mynetworks = 172.16.0.0/16, 172.17.0.0/16, 172.18.0.0/16, 192.168.0.0/16, 127.0.0.0/8<br><br>Now we will configure postfix to reject all incoming e-mails from domain sender "@123.com" if the sender IP IS NOT an IP listed in "mynetworks". I guess there are multiple solutions possible in postfix, I got it successfully rejected this way:<br><br>1. Create a "do not spoof these domains" file with your domains here: /etc/postfix/spoofingprotected_domains<br>2. Fill this file with the domains you want to protect from spoofing, for example my file looks like this:<br><br>#The following entries are to REJECT sender domain. Be sure, permit_mynetworks rule set before this list in main.cf<br>123dom.com REJECT<br>anotherdomainfromme.com REJECT<br><br>3. Make the file readable by postfix by running postmap: "postmap /etc/postfix/spoofingprotected_domains"<br><br>4. Now you have to put this "spoofing blacklist" in the right place in /etc/main.cf. 
Again - there may be multiple solutions, but here is mine:<br><br>Extend the option "smtpd_sender_restrictions =" with this file, but make sure "permit_mynetworks" is BEFORE the new file spoofingprotected_domains. So postfix will still allow "123dom.com" as sender for your mynetworks = IP addresses, but postfix will reject sender domains in /etc/postfix/spoofingprotected_domains if it is not your IP. My line looks like this:<br><br>smtpd_sender_restrictions = reject_unknown_sender_domain, permit_mynetworks, hash:/etc/postfix/spoofingprotected_domains<br><br>5. Restart Postfix. Done.<br><br>You should try the new configuration yourself: log in to a web server outside your IP range and try to send yourself an email from 123dom.com to 123dom.com with telnet. It should deny your mail test already at step 2, like this:<br><br>ehlo 123dom.com<br>MAIL FROM:<<a target="_blank" rel="noopener noreferrer" href="mailto:bilal@123dom.com">bilal@123dom.com</a>><br>MAIL FROM:<<a target="_blank" rel="noopener noreferrer" href="mailto:bilal@123dom.com">bilal@123dom.com</a>><br>554 5.7.1 <<a target="_blank" rel="noopener noreferrer" href="mailto:bilal@123dom.com">bilal@123dom.com</a>>: Sender address rejected: Access denied<br><br>(Hehe, "access denied" is an ugly error message, prettier would be "this domain cannot be a sender address without being an internal IP", but hey, who cares!)<br><br>And also test that all other mails are still working properly, so that you don't damage your production : o )<br><br>Hope this helps<br>Schroeffu<br><signature></signature> </div></div></div></div></div></div></div></body></html>
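Added example (not part of Schroeffu's message and not Postfix code): a simplified Python model of how a restriction list is evaluated left to right, showing why permit_mynetworks has to come before the spoofingprotected_domains lookup. The function names and the sample client addresses are assumptions made for illustration; reject_unknown_sender_domain is left out because it needs DNS.

```python
import ipaddress

# mynetworks and the protected domains are taken from the message above;
# the evaluator itself is a simplified model, not Postfix's implementation.
MYNETWORKS = [ipaddress.ip_network(n) for n in (
    "172.16.0.0/16", "172.17.0.0/16", "172.18.0.0/16",
    "192.168.0.0/16", "127.0.0.0/8")]
PROTECTED = {"123dom.com": "REJECT", "anotherdomainfromme.com": "REJECT"}


def permit_mynetworks(client_ip, sender):
    """PERMIT when the connecting client is inside mynetworks."""
    ip = ipaddress.ip_address(client_ip)
    return "PERMIT" if any(ip in net for net in MYNETWORKS) else "DUNNO"


def sender_access(client_ip, sender):
    """Model of hash:/etc/postfix/spoofingprotected_domains.

    Simplified lookup: full address first, then the bare domain.
    """
    domain = sender.rsplit("@", 1)[-1].lower()
    return PROTECTED.get(sender.lower()) or PROTECTED.get(domain, "DUNNO")


def evaluate(restrictions, client_ip, sender):
    """The first restriction with a decisive (non-DUNNO) result wins."""
    for check in restrictions:
        result = check(client_ip, sender)
        if result != "DUNNO":
            return result
    return "PERMIT"  # nothing in this list objected


GOOD_ORDER = [permit_mynetworks, sender_access]  # order from the message
BAD_ORDER = [sender_access, permit_mynetworks]   # swapped order

CASES = [  # constructed sample connections (client IP, envelope sender)
    ("192.168.1.20", "bilal@123dom.com"),     # internal client, own domain
    ("203.0.113.7", "bilal@123dom.com"),      # external client, own domain
    ("203.0.113.7", "someone@example.org"),   # external client, other domain
]


def run(order):
    return [evaluate(order, ip, sender) for ip, sender in CASES]


if __name__ == "__main__":
    for name, order in (("good order", GOOD_ORDER), ("bad order", BAD_ORDER)):
        print(name, run(order))
```

With the swapped order the internal client is rejected too, which is the production breakage the final test step in the message is meant to catch.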