Netgate Discussion Forum

    Postfix - where to setup the you are not me option?

    • dimsion

      Hey Everyone,

      I'm trying to stop e-mail spoofing of our domain by using the "you are not me" method, following the instructions from the link below but with the pfSense file structure. Everything works great until I do anything via the web GUI; after a save, the setting check_helo_access hash:/usr/local/etc/postfix/helo.access is removed from main.cf. Now every morning I'm getting an e-mail message from me, sent to me, telling me about a job offer to work from home >:(.

      reference from: http://www.bowe.id.au/michael/isp/postfix-server.htm

      vi /usr/local/etc/postfix/helo.access

          ## Deny connections from people forging our hostnames
          mail.yourdomain.com       REJECT You are not me
          mail-mx.yourdomain.com    REJECT You are not me

          mail.domain1.com          REJECT You are not me
          mail.domain2.com          REJECT You are not me
          mail.domain3.com          REJECT You are not me

      postmap /usr/local/etc/postfix/helo.access

      vi /usr/local/etc/postfix/main.cf

          smtpd_helo_required = yes
          smtpd_helo_restrictions =
              permit_mynetworks,
              check_helo_access hash:/usr/local/etc/postfix/helo.access,
              # warn_if_reject,
              reject_invalid_helo_hostname,
              permit

      postfix reload

      • marcelloc

        All config is created by the package GUI. If you need to include a file hack, do it in postfix.inc.

        Are you using the latest version? Did you configure the helo ACL?

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

        • dimsion

          Thanks for responding,

          I'm using 2.0.2-RELEASE; if it does make a difference, I can definitely update to the latest version.
          I did enable Antispam -> Helo Hostname -> checked, but people in my office are saying they're not getting e-mail from legitimate senders. I assume this must have blocked some hosts using outside e-mail servers that don't match their DNS records. Where is the helo ACL area? Is this part of the new release?

          Thanks again,

          • marcelloc

            @dimsion:

            Where is the helo ACL area? Is this part of the new release?

            Yes.  :)

            • dimsion

              Using the following version:
                          2.0.3-RELEASE (amd64)
                          built on Fri Apr 12 10:27:15 EDT 2013
                          FreeBSD 8.1-RELEASE-p13

              I can't seem to get this working. I added my domain under Services -> Postfix Forwarder -> Access Lists -> Helo:

              /^mydomain.org/ REJECT

              Still, I'm getting e-mail sent to me by me from an outside source.

              Perhaps I'm placing it in the wrong place? Any help would be greatly appreciated.

              • marcelloc

                Many spam messages send a correct header but change the sender info in the mail data.

                On my setup I do not use the ^ in the helo info.

                My domain restrictions are placed in the ACLs' helo and sender fields.

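The distinction drawn in the last reply, as an added example that is not part of the thread or of the pfSense Postfix package: a helo rule only sees the HELO name, while the "from me to me" message carries the local domain in the envelope sender and the From: header. The SMTP session is constructed, the function names are hypothetical, and the helo ACL entry is assumed to be evaluated as a case-insensitive regular expression, modeled here with Python's `re`.

```python
import re
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "mydomain.org"  # placeholder domain used in the thread

# Constructed session (not captured traffic): honest HELO, forged sender fields.
SESSION = """\
HELO relay.example.net
MAIL FROM:<boss@mydomain.org>
RCPT TO:<boss@mydomain.org>
DATA
From: Boss <boss@mydomain.org>
To: boss@mydomain.org
Subject: Work from home

Job offer inside.
.
"""

def identities(session):
    """Return the three sender identities one SMTP session carries."""
    envelope, _, data = session.partition("\nDATA\n")
    helo = re.search(r"^(?:HELO|EHLO)\s+(\S+)", envelope, re.M | re.I).group(1)
    mail_from = re.search(r"^MAIL FROM:\s*<([^>]*)>", envelope, re.M | re.I).group(1)
    header_from = parseaddr(message_from_string(data)["From"])[1]
    return {"helo": helo, "mail_from": mail_from, "header_from": header_from}

def helo_rejected(helo, pattern):
    """Model a regexp helo rule: REJECT when the pattern matches (case-insensitive)."""
    return re.search(pattern, helo, re.I) is not None

def fields_claiming(session, domain=LOCAL_DOMAIN):
    """Names of the identities that claim the local domain or a host under it."""
    claim = re.compile(r"(^|[.@])" + re.escape(domain) + r"$", re.I)
    return [k for k, v in identities(session).items() if claim.search(v)]

if __name__ == "__main__":
    ids = identities(SESSION)
    print(ids)
    # The anchored pattern from the thread only matches a HELO that starts with the domain.
    for helo in ("mydomain.org", "mail.mydomain.org", ids["helo"]):
        print(helo, helo_rejected(helo, r"^mydomain.org"), helo_rejected(helo, r"mydomain\.org$"))
    # Fields a helo rule never inspects but that still claim the local domain:
    print(fields_claiming(SESSION))
```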