ISPConfig reject spoofed-Mails 2


Spoofed mails are incoming messages that use one of the domains on the server without being authorized to send (i.e. the client that has logged on to the server).

To reject such mails with ISPConfig, create the file /etc/postfix/mysql-virtual_domains_inverted.cf and change the group to postfix:

user = ispconfig
password = xvvcvxcvvxvxvx
dbname = dbispconfig
hosts = 127.0.0.1
query = SELECT 'REJECT' FROM mail_domain WHERE domain = '%d' AND active = 'y'
require_result_set = no

You can test it that way:

postmap -q info@own.domain mysql:/etc/postfix/mysql-virtual_domains_inverted.cf

IAs a result, you get REJECT.


postmap -q info@example.com mysql:/etc/postfix/mysql-virtual_domains_inverted.cf

does not print anything in return, since it is not a domain for which the server is responsible.

The values for user and password can be taken from one of the other mysql-virtual_ files.

The check is then included in the smtpd_sender_restrictions. The current value is shown with postconf -n smtpd_sender_restrictions.

It’ll look like that:
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re

The new check is included after permit_sasl_authenticated.

Restart postfix and you are done.

With the following call as root everything happens at once:

cd /etc/postfix && cp mysql-virtual_domains.cf mysql-virtual_domains_inverted.cf && sed -i "s/^table.*//g" mysql-virtual_domains_inverted.cf && sed -i "s/^select_field.*//g" mysql-virtual_domains_inverted.cf && sed -i "s/^where_field.*//g" mysql-virtual_domains_inverted.cf && sed -i "s/^additional_conditions.*//g" mysql-virtual_domains_inverted.cf && echo >> mysql-virtual_domains_inverted.cf && echo "query = SELECT 'REJECT' FROM mail_domain WHERE domain = '%d' AND active = 'y'" >> mysql-virtual_domains_inverted.cf && echo "require_result_set = no" >> mysql-virtual_domains_inverted.cf && sed -i '/^\s*$/d' mysql-virtual_domains_inverted.cf && chgrp postfix mysql-virtual_domains_inverted.cf && postconf -e "smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_domains_inverted.cf, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re" && service postfix restart


Leave a comment

Your email address will not be published. Required fields are marked *

2 thoughts on “ISPConfig reject spoofed-Mails