Preventing Mail Spoofing

Nirex

I really do fell dumb to ask this, but I’m really new to mailcow (and setting up mail servers in general). After setting up DMARC and everything, I noticed that it was still possible to send spoofed local domain mails via port 25, for example:

swaks –to user2@mydomain.com –from user1@mydomain.com –server mail.mydomain.com –tls –ehlo real.badass.com

I can’t find out a way to prevent this, and googling often drops me into some people saying that enforcing authentication on port 25 would prevent legitimate inbound mail from other server from getting delivered - yes - but couldn’t I just disallow any local email being sent to port 25? Wouldn’t that fix the problem?

esackbauer

Have you tried to send mail from a public IP? Or are you just trying within your own network?

ETNyx

In general, you should not enforce auth,… but that does not mean you can not reject message, you do not want to allow to your server. Let’s say you are handling mydomain.com, it’s covered by DMARC, you are free to make this test and if fail (send from not approved sender) you can reject this message before delivery. Legitimate senders from gmail.com will pass this test, so you accept them.

CK_beats

As @ETNyx has already written, port 25 must be open inbound on a mail server, without authentication. Otherwise, mail delivery to this host from other mail servers is no longer possible.

In any case, you should configure SPF, DKIM and DMARC entries cleanly and strictly.
Thus recognizes
a) Your own mail server
b) foreign mail servers that receive fake emails in your name

HAM from SPAM and everything is fine.
You adjust the RspamD flags yourself, e.g. B. failed DMARC entries can lead to a high spam rating. Now you have peace of mind from emails that are publicly faked in your name.