Home | Comics | Gallery | (Amazon| ThinkGeek) wishlist | Donations | Impressum | The Book of Postfix | Postfix - Einrichtung, Betrieb und Wartung | Blog

Postfix and sender address verification

Note: this only applies to the a snapshot version of Postfix!

The Problem

Majority of the UCE that we receive have forged yahoo, hotmail, bigfoot addresses. Since we are a major mailhub, turning on address verification results in a lot of false positives. We have to manually check the maillogs, or wait until a client complains and add particular domains to whitelists.

The Question

Is there a way to use address verification only for those frequently forged domains. I like it to work the other way around, wherein I add the particular domains I want to have address verification.

The answer

Yes, of course. You can use it this way (we use it as LAST restriction of all, since it's so expensive): 
smtpd_recipient_restrictions =
...
   check_sender_access hash:/etc/postfix/frequently_forged_senders
   permit
and in /etc/postfix/frequently_forged_senders: 
      
yahoo.com          reject_unverified_sender
hotmail.com          reject_unverified_sender
bigfoot.com          reject_unverified_sender
© by Ralf Hildebrandt
This document contains links to external information sources that I do neither monitor nor control. I explicitly disclaim any liabilities in respect to external references.
You are getting this document without any guarantees. Any methods shown above are meant as demonstration and may be wrong in some place. You may damage your system if you try to follow my hints and instructions. You do this at your own risk!

Valid HTML 4.01 Strict

Windows 7 Sins

 Locations of visitors to this page

This file was last modified 17. Jan 2007 by root