I have an SMTP relay that relays to our email forwarding server but currently it's accepting mail from all sorts of nasty spammers and our email forwarding host have (rightly) suspended the forwarding until we can lock things down a bit more. I'd therefore like to lock down this relay so that only emails with a specific 'from' value are accepted as a good start.
As per the Q-A in Rejecting unlisted senders in Postfix, I've tried setting this in main.cf
:
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/acl_unknown_permited
reject_unlisted_sender
..and making a new file /etc/postfix/acl_unknown_permited
with the following content:
[email protected] permit
...with the appropriate server name.
This doesn't appear to be rejecting email though as setting the sender address to something outside of [email protected]
like [email protected]
is not rejected.
Is there another setting that could be overriding what I've set here?
The only thing I can think might be going awry at this point is the target of our relay is currently deferring email send attempts. Could that be masking the issue (I was expecting the rejection to happen before we hit the following error and I'm wary to open up the next stage until we've fully tied down the relay)?
Apr 25 22:13:37 smtp-relay postfix/smtp[447151]: BE0FB4247C: to=<[email protected]>, relay=email.forwarder.com [X.X.X.X]:587, delay=0.29, delays=0.09/0.02/0.17/0, dsn=4.0.0, status=deferred (SASL authentication failed; server email.forwarder.com [X.X.X.X] said: 535 Too many failed login requests from Y.Y.Y.Y. Try again later. #MS-ST-D)