Handling fake own From:

andreisrr · 2026-04-11T20:42:27+0200

Hi,

I have the following configuration:

mailserver	PMG	internet
domain1 domain2	handles domain1,domain2

Both mailserver and PMG have a public IP.
Mailserver is not allowed to receive connections on port 25 from outside the DMZ.
Mailserver has PMG as smarthost.

PMG is set to relay domain1, domain2.
PMG has transports set to mailserver for both domains.

Is there a way to tell PMG to block emails coming from internet with From: header containing domain1 or domain2 regardless of other tests?

MKle · 2026-04-12T14:28:43+0200

I would set up Sender Policy Framework (SPF) records up for both domains, allowing only PMG to send for those domains.

Onslow · 2026-04-12T14:57:27+0200

That was my first thought as well, but as @andreisrr asked about "From: " (note the colon) header, I believe that SPF won't help, because SPF verifies only "From " (note: without colon) header, i.e. MAIL FROM: address.

To verify (also) "From: " address, one should use also DMARC (possibly together with DKIM).

Search

Search

Handling fake own From:

andreisrr

Member

MKle

New Member

Onslow

Active Member

We value your privacy