On Tue, 9 Jul 2019 at 17:26, <[hidden email]> wrote:
> Dear Experts,
> I am facing a problem that someone is spoofing my domain address and sending emails to my own domain users.
> I have set valid SPF, DKIM, DMARC for my Mail server. How can I sort this problem with postfix to stop this spoofing ?
> If I filter emails based on SPF this also block many legitimate email with spf not set properly.
> Bilal Ahmad
> Network Administrator
If you use opendkim/opendmarc as milters to postfix then opendmarc
should block emails that spoof your domain (as I see you already have
dmarc setting p=reject). If this is not happening then probably you
have some incorrect settings in opendkim.conf or opendmarc.conf. For
instance, in opendmarc.conf you need 'RejectFailures true'.
> On 9 Jul 2019, at 10:25, [hidden email] wrote:
>> I am facing a problem that someone is spoofing my domain address and sending emails to my own domain users.
> Why are you accepting remote mail claiming to come from your server?
There are lots of things that will violate this. Mailing lists,
link-sharing services, people with an incorrect mail client configuration
(i.e. they have a From set for domain X, but send via SMTP server Y).
That said, turning on DKIM lockdown mode and saying "sorry, SPF is strict
for my own domain" is the right answer here. When your users complain,
whitelist them. Notify them in advance. Tell them the (true) story that
other people like gmail and whatnot are also filtering on this.
This may not be fully a postfix answer. DKIM/SPF fail can be used as a
scoring metric in many spam filters. And if they're doing things like
spoofing MUAs you've never used, or email addresses you don't use, that's