Postfix › Postfix Users

Spoofing Emails to My Own Domain

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

5 messages Options

Bilal

Spoofing Emails to My Own Domain

Dear Experts,

I am facing a problem that someone is spoofing my domain address and sending emails to my own domain users.

I have set valid SPF, DKIM, DMARC for my Mail server. How can I sort this problem with postfix to stop this spoofing ?

If I filter emails based on SPF this also block many legitimate email with spf not set properly.

Bilal Ahmad

Network Administrator

Dominic Raferd

Re: Spoofing Emails to My Own Domain

On Tue, 9 Jul 2019 at 17:26, <[hidden email]> wrote:
>
> Dear Experts,
>
> I am facing a problem that someone is spoofing my domain address and sending emails to my own domain users.
> I have set valid SPF, DKIM, DMARC for my Mail server. How can I sort this problem with postfix to stop this spoofing ?
> If I filter emails based on SPF this also block many legitimate email with spf not set properly.
>
> Bilal Ahmad
> Network Administrator

If you use opendkim/opendmarc as milters to postfix then opendmarc
should block emails that spoof your domain (as I see you already have
dmarc setting p=reject). If this is not happening then probably you
have some incorrect settings in opendkim.conf or opendmarc.conf. For
instance, in opendmarc.conf you need 'RejectFailures true'.

@lbutlr

Re: Spoofing Emails to My Own Domain

In reply to this post by Bilal

On 9 Jul 2019, at 10:25, [hidden email] wrote:
> I am facing a problem that someone is spoofing my domain address and sending emails to my own domain users.

Why are you accepting remote mail claiming to come from your server?

--
Everything you read on the Internet is false -- Glenn Fleishman

Dan Mahoney (Gushi)

Re: Spoofing Emails to My Own Domain

On Tue, 9 Jul 2019, @lbutlr wrote:

> On 9 Jul 2019, at 10:25, [hidden email] wrote:
>> I am facing a problem that someone is spoofing my domain address and sending emails to my own domain users.
>
> Why are you accepting remote mail claiming to come from your server?

There are lots of things that will violate this. Mailing lists,
link-sharing services, people with an incorrect mail client configuration
(i.e. they have a From set for domain X, but send via SMTP server Y).

That said, turning on DKIM lockdown mode and saying "sorry, SPF is strict
for my own domain" is the right answer here. When your users complain,
whitelist them. Notify them in advance. Tell them the (true) story that
other people like gmail and whatnot are also filtering on this.

This may not be fully a postfix answer. DKIM/SPF fail can be used as a
scoring metric in many spam filters. And if they're doing things like
spoofing MUAs you've never used, or email addresses you don't use, that's
usable too.

Best,

-Dan

--

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
FB: fb.com/DanielMahoneyIV
LI: linkedin.com/in/gushi
Site: http://www.gushi.org
---------------------------

Bastian Blank-3

Re: Spoofing Emails to My Own Domain

In reply to this post by Bilal

On Tue, Jul 09, 2019 at 09:25:10PM +0500, [hidden email] wrote:
> I am facing a problem that someone is spoofing my domain address and sending
> emails to my own domain users.

Envelope sender or header from?

First is "fixed" by SPF. Second is completely normal, just check your
mail sent to this very mailing-list.

Bastian

--
Phasers locked on target, Captain.