Spoofing Emails to My Own Domain

Spoofing Emails to My Own Domain

Bilal

Dear Experts,

I am facing a problem that someone is spoofing my domain address and sending emails to my own domain users.

I have set valid SPF, DKIM, DMARC for my Mail server. How can I sort this problem with postfix to stop this spoofing?

If I filter emails based on SPF this also blocks many legitimate emails with SPF not set properly.

Bilal Ahmad

Network Administrator


Re: Spoofing Emails to My Own Domain

Dominic Raferd
On Tue, 9 Jul 2019 at 17:26, <[hidden email]> wrote:
>
> Dear Experts,
>
> I am facing a problem that someone is spoofing my domain address and sending emails to my own domain users.
> I have set valid SPF, DKIM, DMARC for my Mail server. How can I sort this problem with postfix to stop this spoofing?
> If I filter emails based on SPF this also blocks many legitimate emails with SPF not set properly.
>
> Bilal Ahmad
> Network Administrator

If you use opendkim/opendmarc as milters to postfix then opendmarc
should block emails that spoof your domain (as I see you already have
dmarc setting p=reject). If this is not happening then probably you
have some incorrect settings in opendkim.conf or opendmarc.conf. For
instance, in opendmarc.conf you need 'RejectFailures true'.

Re: Spoofing Emails to My Own Domain

@lbutlr
In reply to this post by Bilal
On 9 Jul 2019, at 10:25, [hidden email] wrote:
> I am facing a problem that someone is spoofing my domain address and sending emails to my own domain users.

Why are you accepting remote mail claiming to come from your server?
 


--
Everything you read on the Internet is false -- Glenn Fleishman


Re: Spoofing Emails to My Own Domain

Dan Mahoney (Gushi)
On Tue, 9 Jul 2019, @lbutlr wrote:

> On 9 Jul 2019, at 10:25, [hidden email] wrote:
>> I am facing a problem that someone is spoofing my domain address and sending emails to my own domain users.
>
> Why are you accepting remote mail claiming to come from your server?

There are lots of things that will violate this.  Mailing lists,
link-sharing services, people with an incorrect mail client configuration
(i.e. they have a From set for domain X, but send via SMTP server Y).

That said, turning on DKIM lockdown mode and saying "sorry, SPF is strict
for my own domain" is the right answer here.  When your users complain,
whitelist them.  Notify them in advance.  Tell them the (true) story that
other people like gmail and whatnot are also filtering on this.

This may not be fully a postfix answer.  DKIM/SPF fail can be used as a
scoring metric in many spam filters.  And if they're doing things like
spoofing MUAs you've never used, or email addresses you don't use, that's
usable too.

Best,

-Dan


--

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
FB:  fb.com/DanielMahoneyIV
LI:   linkedin.com/in/gushi
Site:  http://www.gushi.org
---------------------------


Re: Spoofing Emails to My Own Domain

Bastian Blank-3
In reply to this post by Bilal
On Tue, Jul 09, 2019 at 09:25:10PM +0500, [hidden email] wrote:
> I am facing a problem that someone is spoofing my domain address and sending
> emails to my own domain users.

Envelope sender or header from?

First is "fixed" by SPF.  Second is completely normal, just check your
mail sent to this very mailing-list.

Bastian

--
Phasers locked on target, Captain.
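
The thread turns on the difference between the envelope sender, which SPF checks, and the header From, which DMARC ties back to SPF and DKIM through alignment. The sketch below is an added example, not code from any poster or from opendmarc; the function names, the example.* domains and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr


def domain_of(address):
    """Lower-cased domain of an address, or '' when it has no '@'."""
    _, at, domain = parseaddr(address or "")[1].rpartition("@")
    return domain.lower() if at else ""


def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # A real DMARC evaluator uses the Public Suffix List here.
    return ".".join(domain.split(".")[-2:])


def dmarc_verdict(mail_from, raw_message, spf_result, dkim_pass_domains):
    """Relaxed-alignment DMARC verdict for one message.

    mail_from is the envelope sender (SMTP MAIL FROM), the identity SPF
    checks. spf_result and dkim_pass_domains (d= values whose signature
    verified) are assumed to come from upstream SPF and DKIM checks.
    """
    header_from = domain_of(message_from_string(raw_message)["From"])
    if not header_from:
        return "fail"  # no usable header From to align against
    target = org_domain(header_from)
    spf_aligned = spf_result == "pass" and org_domain(domain_of(mail_from)) == target
    dkim_aligned = any(org_domain(d.lower()) == target for d in dkim_pass_domains)
    return "pass" if spf_aligned or dkim_aligned else "fail"


# Constructed sample; example.org stands in for the protected domain.
MESSAGE = "From: Alice <alice@example.org>\nTo: staff@example.org\nSubject: hi\n\nbody\n"

def demo():
    return {
        # SPF passes for the sender's own envelope domain, header From is ours.
        "foreign_envelope": dmarc_verdict("bounce@mail.example.net", MESSAGE, "pass", []),
        # Mailing list rewrote the envelope and broke the DKIM signature.
        "list_broke_dkim": dmarc_verdict("bounces@lists.example.com", MESSAGE, "pass", []),
        # Forwarder left the body intact, so the original signature verifies.
        "dkim_survived": dmarc_verdict("fwd@example.com", MESSAGE, "pass", ["example.org"]),
        # Normal submission through the domain's own server.
        "own_server": dmarc_verdict("alice@example.org", MESSAGE, "pass", ["example.org"]),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The first two cases return the same verdict, which is why rejecting on DMARC failure for your own domain also catches the mailing-list and misconfigured-client traffic mentioned in the thread.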