Yes!
if only you serving your domain no one should allowed to come and claim that he is you.
to do that use smtpd_restriction_classes with Postfix.
add things like this,
in /etc/postfix/main.cf:
smtpd_restriction_classes = external_sender_access, internal_sender_access
internal_sender_access = check_sender_access hash:/etc/postfix/internal_sender_access, reject
external_sender_access = check_sender_access hash:/etc/postfix/external_sender_access, permit
add "check_client_access cidr:/etc/postfix/network_sender_access" to smtpd_sender_restrictions with all other rules you have there.
example:
smtpd_sender_restrictions = permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, check_client_access cidr:/etc/postfix/network_sender_access
creating the files:
/etc/postfix/network_sender_access:
(change 192.168.0.0 to your network segment using cidr (/24 /16 etc..))
Code: Select all
# localhost
127.0.0.0/24 internal_sender_access
# Inside Networks
192.168.0.0/24 internal_sender_access
# Everything else
0.0.0.0/0 external_sender_access
/etc/postfix/internal_sender_access
with the domains you are serving..
/etc/postfix/external_sender_access:
Code: Select all
example.com REJECT Bad MAIL FROM: You're not from here!
build the db files, run:
postmap /etc/postfix/network_sender_access
postmap /etc/postfix/internal_sender_access
postmap /etc/postfix/external_sender_access
restart postfix:
service postfix restart
Done.
try it from outside, connect..
telnet mail.example.com 25
220 mail.example.com ESMTP Mail Service Ready
helo mail.somehelo.com
250 efa.example.com
mail from:
fake@example.com
250 2.1.0 Ok
rcpt to:
user@example.com
554 5.7.1 <
fake@example.com>: Sender address rejected: Bad MAIL FROM: You're not from here!
Goodluck,
Zohman.