How to prevent backscatter
what is backscatter mail?
When a spammer or another attacker sends you an email whose sender domain is your own:

EHLO example.com
MAIL FROM: email@example.com
RCPT TO: firstname.lastname@example.org
DATA
...
why you should do something against it
I use this to send spearphishing attacks to customers when I perform social engineering email attacks. So if you leave this attack vector open, I can send you email, for example, from your boss, your IT department, etc.
how to fix this in Postfix
On Stack Overflow I found several methods for fixing this in Postfix: Link
I chose the third method. Since I only have my own mail accounts, this was the easiest one.
Add your mail addresses and the SASL login names that own them to /etc/postfix/smtpd_sender_login_maps, one address per line:

email@example.com test
firstname.lastname@example.org foo
Then compile the file into a lookup table with the command

sudo postmap /etc/postfix/smtpd_sender_login_maps
And finally add the following lines to your Postfix main.cf (/etc/postfix/main.cf). The first line points Postfix at the table you just compiled; the restriction list then rejects senders that are listed in that table but not logged in as the owning user:

smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_maps
smtpd_sender_restrictions =
    reject_unknown_sender_domain,
    reject_authenticated_sender_login_mismatch,
    reject_non_fqdn_sender,
    reject_sender_login_mismatch,
    reject_unverified_sender,
    permit_sasl_authenticated,
    reject_unlisted_sender,
    permit
Now your Postfix should reject unauthenticated senders that use your domain. To test this, connect to the mail server with telnet and replay the forged envelope:

telnet example.com 25
EHLO example.com
MAIL FROM: <email@example.com>
RCPT TO: <firstname.lastname@example.org>

After the RCPT TO command (Postfix evaluates sender restrictions there by default, because smtpd_delay_reject is on) it should answer with this error message:
553 5.7.1 <email@example.com>: Sender address rejected: not logged in
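To make the decision logic behind reject_sender_login_mismatch concrete, here is an added example (not code from the original post) that parses a sender login table in the text form postmap compiles, decides for a given MAIL FROM and SASL login what the check would do, and replays the telnet test with smtplib against a real server. The sample table, the login names, the @domain catch-all entry and the simplified lookup order (full address first, then @domain) are assumptions of the example; the 553 wording follows Postfix's own replies.

```python
"""Simulate Postfix's reject_sender_login_mismatch decision for a
smtpd_sender_login_maps table and replay the telnet test programmatically.
Added example; not part of the original post or of Postfix itself."""
from typing import Dict, Optional, Set, Tuple
import smtplib

# Constructed sample table in the plain-text form that `postmap` compiles.
# Keys are MAIL FROM addresses (or an @domain catch-all), values the SASL
# login names allowed to use them. Addresses and logins are invented.
SAMPLE_MAP = """
# sender address                 owning SASL login(s)
email@example.com                test
firstname.lastname@example.org   foo
shared@example.com               test, foo
@example.net                     foo
"""


def parse_login_map(text: str) -> Dict[str, Set[str]]:
    """Parse 'key value[, value ...]' lines; blank lines and # comments are ignored."""
    table: Dict[str, Set[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed map line: {raw!r}")
        key, value = parts
        # Owners may be separated by commas and/or whitespace; compare case-insensitively.
        table[key.lower()] = {v.lower() for v in value.replace(",", " ").split()}
    return table


def lookup_owners(table: Dict[str, Set[str]], address: str) -> Optional[Set[str]]:
    """Full address first, then the @domain catch-all (simplified lookup order, an assumption)."""
    address = address.lower()
    if address in table:
        return table[address]
    _, _, domain = address.rpartition("@")
    return table.get("@" + domain)


def sender_login_check(mail_from: str, sasl_login: Optional[str],
                       table: Dict[str, Set[str]]) -> Tuple[bool, str]:
    """Decide what reject_sender_login_mismatch would do for one MAIL FROM.

    Returns (accepted, reply). Rejections use Postfix's 553 5.7.1 wording."""
    addr = mail_from.strip().strip("<>")
    owners = lookup_owners(table, addr)
    if sasl_login is None:
        if owners:
            return False, f"553 5.7.1 <{addr}>: Sender address rejected: not logged in"
        # Edge case: an address nobody owns is NOT protected by this check;
        # only the remaining restrictions (e.g. reject_unlisted_sender) apply.
        return True, "not in map: login check does not apply"
    if not owners or sasl_login.lower() not in owners:
        return False, f"553 5.7.1 <{addr}>: Sender address rejected: not owned by user {sasl_login}"
    return True, "accepted: login owns sender address"


def smtp_probe(host: str, mail_from: str, rcpt_to: str,
               port: int = 25, helo: str = "example.com") -> Tuple[int, str]:
    """Replay the telnet test and return the first non-250 reply (or the RCPT TO reply).

    With Postfix's default smtpd_delay_reject=yes the sender restrictions are
    evaluated at RCPT TO, so that is normally where the 553 shows up."""
    with smtplib.SMTP(host, port, timeout=10) as conn:
        conn.ehlo(helo)
        code, message = conn.mail(mail_from)
        if code == 250:
            code, message = conn.rcpt(rcpt_to)
    return code, message.decode(errors="replace")


if __name__ == "__main__":
    table = parse_login_map(SAMPLE_MAP)
    cases = [
        ("email@example.com", None),        # forged: listed, unauthenticated
        ("email@example.com", "test"),      # legitimate owner
        ("email@example.com", "foo"),       # authenticated as the wrong user
        ("someone@example.net", "foo"),     # covered by the @domain catch-all
        ("unlisted@example.com", None),     # gap: not in the map, not protected
    ]
    for sender, login in cases:
        ok, reply = sender_login_check(sender, login, table)
        print(f"{sender:24} login={login!s:5} -> {'ACCEPT' if ok else 'REJECT'}: {reply}")
```

The last case is the one to watch: the login-mismatch check only protects addresses that appear in the table, so an address in your domain that is missing from the map can still be forged, which is why the recipe also lists reject_unlisted_sender. To run the live probe, call smtp_probe("mail.example.com", "email@example.com", "firstname.lastname@example.org") against your own server and expect a 553.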