Postfix - where to setup the you are not me option?

dimsion

Hey Everyone,

I'm trying to stop e-mail spoofing our domain by using "you are not me" method following the instruction from the link below but with pfsense file structure. Everything works great until i do anything via the web gui and after a saved, the setting inside main.cf remove check_helo_access hash:/usr/local/etc/postfix/helo.access . Now every morning I'm getting an e-mail message from me sending to me, telling me about a job offer to work from home >:(.

reference from: http://www.bowe.id.au/michael/isp/postfix-server.htm

vi /usr/local/etc/postfix/helo.access

## Deny connections from people forging our hostnames
        mail.yourdomain.com         REJECT You are not me
        mail-mx.yourdomain.com REJECT You are not me

mail.domain1.com                 REJECT You are not me
        mail.domain2.com                 REJECT You are not me
        mail.domain3.com                 REJECT You are not me

postmap /usr/local/etc/postfix/helo.access

vi /usr/local/etc/postfix/main.cf
        smtpd_helo_required = yes
        smtpd_helo_restrictions =
        permit_mynetworks,
        check_helo_access hash:/usr/local/etc/postfix/helo.access,
        # warn_if_reject,
        reject_invalid_helo_hostname,
        permit

postfix reload

marcelloc

All config is created by package gui. If you need to include a file hack, do it on postfix.inc

Are you using latest version? did you configured helo acl?

dimsion

Thanks for responding,

I using 2.0.2-RELEASE, if it does make a different i can definitely update to the latest version.
I did enable the Antispam -> Helo Hostname -> checked, but people in my office saying they're not getting e-mail from legitimate sender. I assume this must have block some host using outside e-mail server that doesn't match their dns record. Where is the helo acl area? is this part of the new release?

Thanks again,

marcelloc

@dimsion:

Where is the helo acl area? is this part of the new release?

Yes.  :)

dimsion

Using the following version:
            2.0.3-RELEASE (amd64)
            built on Fri Apr 12 10:27:15 EDT 2013
            FreeBSD 8.1-RELEASE-p13

I can't seem to get this working, i added my domain under services->postfix forwarder->access lists->helo

/^mydomain.org/ REJECT

Still, i'm getting e-mail send to me by me from an outsider source.

Perhaps, i'm placing it in the wrong place? Any help would greatly appreciated.

marcelloc

Many spams send a correct header but on mail change sender info on mail data.

on my setup I do not use the ^ on helo info

my domain restrictions are placed on  acls  helo and sender field