<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Good Afternoon,<br>
<br>
I have my mailscanner setup as a gateway. I use postfix in my setup
and have done the following to prevent spoofing going to my domain
users.<br>
<br>
in main.cf I put the following<br>
smtpd_recipient_restrictions = reject_unauth_destination,
check_recipient_access hash:/etc/postfix/spoofingprotected_domains<br>
<br>
Add your domain to the spoofingprotected_domains. So far this has
worked for me.<br>
<br>
<div class="moz-cite-prefix">On 07/09/19 12:38 PM, Bilal via
MailScanner wrote:<br>
</div>
<blockquote type="cite"
cite="mid:003d01d53674$c42a9950$4c7fcbf0$@kfueit.edu.pk">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Gadugi;
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">I am facing a problem
that someone is spoofing my domain address and sending
emails to my own domain users. I have set valid SPF, DKIM,
DMARC for my Mail server. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">To sort this problem I
have filter emails based on SPF checks and the email with
spf fail are marked high score and marked as spam. But the
issue with spf filter many legitimate email from many
servers marked as spam.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">More importantly my own
emails spf fails shown in MailScanner while I have verified
through Gmail and various other tools that my SPF , DKIM,
DMARC are passed.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">My Mail server is hosted
inside in private network and NAT behind the public DNS ,
since in public DNS I have spf according to mail server
public interface so in local intranet DNS I added SPF
records according to email server private ip,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Now few time spf shown
as pass in mailscanner and mostly fail . Temporarily I have
whitelisted my server host ip and my intranet ip to avoid
email blocking due to spf fail . Please someone guide any
solution to either I can stop email spoofing to my domain
without spf check or otherwise how can I sort this spf fail
issue on mailscanner .<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">this also block many
legitimate email with spf not set properly<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="en-PK"><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:90%"><b><span
style="line-height:90%;font-family:"Gadugi",sans-serif;color:#13A538;mso-fareast-language:#2000"
lang="en-PK">Bilal Ahmad</span></b><span
style="mso-fareast-language:#2000" lang="en-PK"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:90%"><span
style="font-size:10.0pt;line-height:90%;font-family:"Gadugi",sans-serif;color:#203478;mso-fareast-language:#2000"
lang="en-PK">Network Administrator<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-top:6.0pt;line-height:90%"><span
style="font-size:10.0pt;line-height:90%;font-family:"Gadugi",sans-serif;color:#203478;mso-fareast-language:#2000"
lang="en-PK">Cell: +92 333 7451870 </span><span
style="font-size:10.0pt;line-height:90%;font-family:"Gadugi",sans-serif;color:red;mso-fareast-language:#2000"
lang="en-PK">|</span><span
style="font-size:10.0pt;line-height:90%;font-family:"Gadugi",sans-serif;color:#203478;mso-fareast-language:#2000"
lang="en-PK"> Tel: +92 68 5882400 </span><span
style="font-size:10.0pt;line-height:90%;font-family:"Gadugi",sans-serif;color:red;mso-fareast-language:#2000"
lang="en-PK">|</span><span
style="font-size:10.0pt;line-height:90%;font-family:"Gadugi",sans-serif;color:#203478;mso-fareast-language:#2000"
lang="en-PK"> Ext. 2499<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:90%"><span
style="font-size:10.0pt;line-height:90%;font-family:"Gadugi",sans-serif;color:#203478;mso-fareast-language:#2000"
lang="en-PK"><a class="moz-txt-link-abbreviated" href="http://www.kfueit.edu.pk">www.kfueit.edu.pk</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="en-PK"><a
href="http://www.kfueit.edu.pk/" moz-do-not-send="true"><span
style="color:windowtext;mso-fareast-language:#2000;text-decoration:none"><img
style="width:1.9333in;height:1.0416in"
id="Picture_x0020_2"
src="cid:part1.BDA1B462.109B0D13@tsys3.com" class=""
width="186" height="100" border="0"></span></a></span><span
style="mso-fareast-language:#2000" lang="en-PK"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="en-PK"><o:p> </o:p></span></p>
</div>
<br>
-- <br>
This message has been scanned for viruses and
<br>
dangerous content by
<a href="http://www.mailscanner.info/" moz-do-not-send="true"><b>MailScanner</b></a>,
and is
<br>
believed to be clean.
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">
</pre>
</blockquote>
<br>
</body>
</html>