The idea is selectively probe valid email sender for certain domain that frequently forged by spammer, we should use sender access verification carefully. Much better if we noticing postmaster/admin that we conducting SAv/probing their server for valid user, or otherwise we’ll end up in backscatterer.org list hehehe…
Create smtpd_restriction_class call verify_sender
smtpd_restriction_classes = verify_sender
Define verify_sender so it should reject all unverified email sender, verified one will be permit/pass
verify_sender = reject_unverified_sender, permit
Create has table called frequently_forged_senders to define sender domain that going to be in verification list
check_sender_access hash:/etc/postfix/frequently_forged_senders
frequently_forged_senders contains
domain1.tld verify_sender domain2.tld verify_sender domain3.tld verify_sender
For caching sender address that already verified, create table verify
address_verify_sender = postmaster@domain.tld address_verify_map = btree:/var/lib/postfix/verify
By default, the information is kept in volatile memory, and is lost after “postfix reload” or “postfix stop”
done
You may also want to read these posts:
- Postfix Bind Sender Domain To Dedicated Outgoing IP Address
- Postfix IPv6 + SPF (sender policy framework)
- block squirrelmail sender address spoofing
- Postfix Bind Sender Outgoing IP, Based On GeoIP Location
- Postfix Create Blackhole For Authenticated User’s Outgoing Submission (revised)
- Postfix IPv6 + RBL + BIND9 as DNSBL
- Postfix TLS Support On Fedora 12
- Postfix Create Blackhole For Authenticated User’s Outgoing Submission
- Postfix, Rate Limiting Inbound Emails Using SenderScore And Memcache
- Postfix + DNSWL
Follow me on Twitter