Email spoofing via Postfix continues after SPF, DKIM and DMARC are enabled

Dmitry Bystrov

3 months ago

Symptoms

SPF, DKIM and DMARC are enabled
smtpd_sender_restrictions in /etc/postfix/main.cf already include reject_sender_login_mismatch
The following error is visible in /var/log/maillog:
Jan 31 12:06:49 server postfix/smtpd[17653]: 1F52940A96: client=spoofed.example.org[203.0.113.2]
Jan 31 12:06:49 server psa-pc-remote[22555]: 1F52940A96: from=<> to=<mail@example.com>
Jan 31 12:06:49 server postfix/cleanup[30887]: 1F52940A96: message-id=<20230131120524.8E710E5016B@spoofed.example.org>

The Postfix security measures are not strict enough and the mail server can still be abused.

Install the Plesk Email Security extension and follow these steps:

1. Log into Plesk

2. Go to Tools & Settings > Plesk Email Security > Server Settings > Advanced

3. Under the Postfix - Strict Rules section, check the Enable strict rules box

4. Click Save

0 Shares