"MAIL FROM" vs. "From"-Header in Data section - faked From address SPAM

digi

New Member
Dec 7, 2018
Hi!

As also posted here[1], we are receiving spam with a valid MAIL FROM address (e.g. MAIL FROM: foobar@spammerexample.com + valid SPF for ip/domain, e.g. via Google Mail), but the From header in the Data part of the SMTP conversation is set to e.g. "legitlooking@mx1.mydomain.com".
So from the customer's/client's point of view the email seems to come from "mx1.mydomain.com".
mx1.mydomain.com is my Proxmox host.

My main question:
  • Is there any way to make Proxmox check the From header in the Data section?
At best I'd like to reject incoming mail that tries to look like it's coming from the Proxmox system itself.

Clarification: I do not need Proxmox to check all incoming mails for matching return-path/"mail from" vs. From header (data) addresses, as this would make mailing lists etc. not work, I guess - I just want Proxmox to reject mails trying to come from the system itself.

Details:
Mail in the customer's inbox has the following headers (parts removed):
...
Received-SPF: pass (spammerexample.com: a.b.c.d is authorized to use ...)
...
From: <foo@mx1.mydomain.com>, <bar@mx1.mydomain.com>, ... <- this is obviously faked
...
To: <victim@victimdomain.at>
...
Return-Path: thespammer@spammerexample.com
...

[1]https://forum.proxmox.com/threads/spam-getting-through.49322/
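
A sketch of the check asked for above, as an added example that is not part of the original post and is not Proxmox code: it flags an externally received message whose From header names the gateway's own host, and deliberately does not compare the From header against MAIL FROM, so mailing-list traffic still passes. `PROTECTED_DOMAINS`, `spoofs_own_host` and the `locally_submitted` flag are assumptions, and the sample message is constructed from the headers quoted in the post.

```python
from email import message_from_string, policy
from email.utils import getaddresses

# Assumption: hostnames that only this gateway itself may use in a From header.
# Matching is exact; subdomains would have to be listed separately.
PROTECTED_DOMAINS = {"mx1.mydomain.com"}

# Constructed sample, modelled on the headers quoted in the post.
SAMPLE = """\
Received-SPF: pass (spammerexample.com: a.b.c.d is authorized to use ...)
From: <foo@mx1.mydomain.com>, <bar@mx1.mydomain.com>
To: <victim@victimdomain.at>
Return-Path: thespammer@spammerexample.com
Subject: constructed sample

body
"""


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if it has none."""
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def header_from_domains(msg):
    """Domains of every mailbox in every From header (a message may carry several)."""
    values = [str(v) for v in msg.get_all("From", [])]
    return {domain_of(addr) for _, addr in getaddresses(values)} - {""}


def spoofs_own_host(raw, locally_submitted=False):
    """True if a message from outside claims a protected domain in its From header."""
    if locally_submitted:
        # Mail generated on the gateway itself may legitimately use its hostname.
        return False
    msg = message_from_string(raw, policy=policy.compat32)
    return bool(header_from_domains(msg) & PROTECTED_DOMAINS)


if __name__ == "__main__":
    print("reject" if spoofs_own_host(SAMPLE) else "accept")
```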