We have a hacker who is spoofing sending email from our site.
That is, they are sending emails such as
when they are of course not sending them from
ourdomain.com email accounts and IP address, which is the ONLY authorized IP to send emails for
ourdomain.com, but from some IP in Pakistan.
How do we stop them from sending such unauthorized (spoofed) emails?
FYI, we are running Postfix as our email server with Dovecot on CentOS 7,
and in our Postfix config file we have the following settings already set to prevent such spoofing:
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_delay_reject = yes
smtpd_helo_required = yes
The above settings should stop any such spoofing!
How it is not, I can't understand. And that is why I am hoping you all can help.
Also, we have SPF, DKIM and DMARC all set correctly, so much so that mail-tester.com
gives our emails 10 out of 10 non-SPAMy good to send.
To be exact: I am not sure they can actually send Spoof emails from us to
email@example.com for example, but they are able to send such spoof emails to
firstname.lastname@example.org from this spoofed email of
email@example.com, which is actually not from us but from some server on a Pakistan IP.
And oh ya: they are demanding like 100 BitCoins to stop sending these spoofed emails.
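
Added example, not part of the original post: the three posted settings decide only whether this Postfix relays mail and whether HELO is required; none of them inspects the MAIL FROM address, so a sender restriction such as the one below is what refuses unauthenticated inbound mail that claims ourdomain.com. The table path /etc/postfix/own_domains and the reject text are assumptions.

```conf
# /etc/postfix/main.cf

# As posted: relay control and HELO handling only. None of these
# looks at the envelope sender (MAIL FROM).
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_delay_reject = yes
smtpd_helo_required = yes

# Added: evaluate the envelope sender. Clients in mynetworks and
# SASL-authenticated users pass; any other client that claims a sender
# listed in the access table is rejected.
# This checks MAIL FROM only; the From: header is not examined here.
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/own_domains

# /etc/postfix/own_domains (assumed path), one line per domain you own:
#   ourdomain.com    REJECT Sender domain requires authentication
#
# Build the lookup table and reload:
#   postmap /etc/postfix/own_domains
#   postfix reload
```

Mail that another server sends directly to third-party recipients never passes through this Postfix, so no setting here can block it. For that mail, the receiving side's SPF and DMARC evaluation, driven by the DMARC policy the domain publishes, decides what happens to it.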