Hello,
We have a hacker who is spoofing sending email from our site.
That is they are sending emails such as support_team@ourdomain.com
when they are of course not sending them from ourdomain.com email accounts and ip address which is the ONLY authorized ip to send emails for ourdomain.com but from some ip in Pakistan.
How do we stop them from sending such unauthorized (spoofed) emails?
FYI, we are running Postfix as our email server with Dovecot on Centos7
and on our Postfix config file we have following settings already set to prevent such Spoofing:
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_sender_domain,
reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname,
reject_unlisted_sender,
reject_sender_login_mismatch,
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_unverified_sender
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
permit
The above settings should Stop any such spoofing!
How it is not, I cant understand. And that is why I am hoping you all can help?
Also, we have all SPF DKIM DMARK set correctly so much so that mail-tester.com
gives our emails 10 out of 10 non-SPAMy good to send.
To be exact: I am not sure they can actually send Spoof emails from us to xyz@gmail.com for example, but they are able to send such spoof emails to support_team@ourdomain.com from this spoofed email of support_team@ourdomain.com which is actually not from us but some server in Pakistan ip.
And oh ya: they are demanding like 100 BitCoins to stop sending these Spoofed emails 
Thanks,
Dean