Postfix - where to setup the you are not me option?



  • Hey Everyone,

    I'm trying to stop e-mail spoofing our domain by using "you are not me" method following the instruction from the link below but with pfsense file structure. Everything works great until i do anything via the web gui and after a saved, the setting inside main.cf remove check_helo_access hash:/usr/local/etc/postfix/helo.access . Now every morning I'm getting an e-mail message from me sending to me, telling me about a job offer to work from home >:(.

    reference from: http://www.bowe.id.au/michael/isp/postfix-server.htm

    vi /usr/local/etc/postfix/helo.access

    ## Deny connections from people forging our hostnames
            mail.yourdomain.com         REJECT You are not me
            mail-mx.yourdomain.com REJECT You are not me

    mail.domain1.com                 REJECT You are not me
            mail.domain2.com                 REJECT You are not me
            mail.domain3.com                 REJECT You are not me

    postmap /usr/local/etc/postfix/helo.access

    vi /usr/local/etc/postfix/main.cf
            smtpd_helo_required = yes
            smtpd_helo_restrictions =
            permit_mynetworks,
            check_helo_access hash:/usr/local/etc/postfix/helo.access,
            # warn_if_reject,
            reject_invalid_helo_hostname,
            permit

    postfix reload



  • All config is created by package gui. If you need to include a file hack, do it on postfix.inc

    Are you using latest version? did you configured helo acl?



  • Thanks for responding,

    I using 2.0.2-RELEASE, if it does make a different i can definitely update to the latest version.
    I did enable the Antispam -> Helo Hostname -> checked, but people in my office saying they're not getting e-mail from legitimate sender. I assume this must have block some host using outside e-mail server that doesn't match their dns record. Where is the helo acl area? is this part of the new release?

    Thanks again,



  • @dimsion:

    Where is the helo acl area? is this part of the new release?

    Yes.  :)



  • Using the following version:
                2.0.3-RELEASE (amd64)
                built on Fri Apr 12 10:27:15 EDT 2013
                FreeBSD 8.1-RELEASE-p13

    I can't seem to get this working, i added my domain under services->postfix forwarder->access lists->helo

    /^mydomain.org/ REJECT

    Still, i'm getting e-mail send to me by me from an outsider source.

    Perhaps, i'm placing it in the wrong place? Any help would greatly appreciated.



  • Many spams send a correct header but on mail change sender info on mail data.

    on my setup I do not use the ^ on helo info

    my domain restrictions are placed on  acls  helo and sender field


Log in to reply