Knowledge Base

Email spoofing via Postfix continues after SPF, DKIM and DMARC are enabled

Symptoms

SPF, DKIM and DMARC are enabled
smtpd_sender_restrictions in /etc/postfix/main.cf already include reject_sender_login_mismatch
The following error is visible in /var/log/maillog:
Jan 31 12:06:49 server postfix/smtpd[17653]: 1F52940A96: client=spoofed.example.org[203.0.113.2]
Jan 31 12:06:49 server psa-pc-remote[22555]: 1F52940A96: from=<> to=<[email protected]>
Jan 31 12:06:49 server postfix/cleanup[30887]: 1F52940A96: message-id=<[email protected]>

Cause

The Postfix security measures are not strict enough and the mail server can still be abused.

Resolution

Install the Plesk Email Security extension and follow these steps:

1. Log into Plesk

2. Go to Tools & Settings > Plesk Email Security > Server Settings > Advanced

3. Under the Postfix - Strict Rules section, check the Enable strict rules box

4. Click Save

Related Posts

Advanced Techniques for Building an Email List

How Modern Secure and Self-Hosted Messaging has Become a Cornerstone for Teams Worldwide

Key Reasons Why You Should Upgrade Your Email Security Today

Knowledge Base

Email header analysis reports SPF failed for localhost IP on mail sent from Plesk hosted mailbox: SPF Authentication : SPF Failed for IP – 127.0.0.1

Unable to send mail: deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)

Mail delivery does not work: do not list domain in BOTH mydestination and virtual_mailbox_domains

How to customize the mail notification template

Hosting Wiki