Email spoofing via Postfix continues after SPF, DKIM and DMARC are enabled

Plesk for Linux kb: technical

Symptoms

  • SPF, DKIM and DMARC are enabled
  • smtpd_sender_restrictions in /etc/postfix/main.cf already include reject_sender_login_mismatch
  • The following error is visible in /var/log/maillog:

    Jan 31 12:06:49 server postfix/smtpd[17653]: 1F52940A96: client=spoofed.example.org[203.0.113.2]
    Jan 31 12:06:49 server psa-pc-remote[22555]: 1F52940A96: from=<> to=<mail@example.com>
    Jan 31 12:06:49 server postfix/cleanup[30887]: 1F52940A96: message-id=<20230131120524.8E710E5016B@spoofed.example.org>

Cause

The Postfix security measures are not strict enough and the mail server can still be abused.

Resolution

Install the Plesk Email Security extension and follow these steps:

1. Log in to Plesk

2. Go to Tools & Settings > Plesk Email Security > Server Settings > Advanced

3. Under the Postfix - Strict Rules section, check the Enable strict rules box

4. Click Save
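
To see which clients deliver messages like the ones under Symptoms, before and after enabling strict rules, the maillog entries can be correlated by queue ID. This is an added example, not Plesk's own code: the function name and every sample line after the first three are constructed, and the regular expressions assume the line format shown under Symptoms.

```python
import re
from collections import defaultdict

# Sample input: the first three lines are the excerpt from Symptoms,
# the remaining lines are constructed for this example.
SAMPLE_LOG = """\
Jan 31 12:06:49 server postfix/smtpd[17653]: 1F52940A96: client=spoofed.example.org[203.0.113.2]
Jan 31 12:06:49 server psa-pc-remote[22555]: 1F52940A96: from=<> to=<mail@example.com>
Jan 31 12:06:49 server postfix/cleanup[30887]: 1F52940A96: message-id=<20230131120524.8E710E5016B@spoofed.example.org>
Jan 31 12:07:10 server postfix/smtpd[17660]: 2A11B40A97: client=mail.example.net[198.51.100.7]
Jan 31 12:07:10 server psa-pc-remote[22555]: 2A11B40A97: from=<alice@example.net> to=<mail@example.com>
Jan 31 12:08:02 server postfix/smtpd[17653]: 3C77D40A98: client=spoofed.example.org[203.0.113.2]
Jan 31 12:08:02 server psa-pc-remote[22555]: 3C77D40A98: from=<> to=<info@example.com>
"""

# smtpd logs the connecting client per queue ID; psa-pc-remote logs the envelope.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-Za-z]+): client=(\S+)\[([^\]]+)\]")
ENVELOPE_RE = re.compile(r"psa-pc-remote\[\d+\]: ([0-9A-Za-z]+): from=<([^>]*)> to=<([^>]*)>")


def null_sender_by_client(log_text):
    """Return {client IP: [(queue_id, hostname, recipient), ...]} for from=<> messages."""
    clients = {}               # queue ID -> (hostname, IP) from the smtpd line
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = ENVELOPE_RE.search(line)
        if m and m.group(2) == "":          # empty envelope sender
            queue_id, recipient = m.group(1), m.group(3)
            # The client line may be missing if the log was rotated mid-session.
            host, ip = clients.get(queue_id, ("unknown", "unknown"))
            hits[ip].append((queue_id, host, recipient))
    return dict(hits)


if __name__ == "__main__":
    for ip, messages in null_sender_by_client(SAMPLE_LOG).items():
        print(f"{ip}: {len(messages)} message(s) with an empty envelope sender")
        for queue_id, host, recipient in messages:
            print(f"  {queue_id} client={host} to={recipient}")
```

An empty envelope sender is also what legitimate bounce messages use, so the output is a list of clients to review rather than a block list.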
