Reject Mails where mail from domain is receipient domain

Ulrich,

can you explain what you are trying to achieve? in order to make sure that email are only sent from the correct owner (so the server) you should use:

• Proper RDNS record
• SPF record
• DKIM record

Once you have configured them and your receiver uses strict email control (by checking those records) spoofing is prevented.

Yes you are right. The SPF record prevents e-mail from being accepted with the sender's own domain.

Sometimes it is good to think about it again.

:-)

Today I received a bounce message, which I could not get because of SPF.

MESSAGE   Nov 01 12:16:49 [0x200017d3]: New SMTP Session Initialized 37.231.253.49:44486 ==> 192.168.178.2:25

MESSAGE   Nov 01 12:16:51 [0x200017d5]: [0xc0000b86](info@msp-it.de)SF Policy Action: DROP

ERROR     Nov 01 12:16:51 [3875953472]: insert_reason_for_action: REASON : Mail has been dropped by policy mail.msp-it.com Weiterleitung.

MESSAGE   Nov 01 12:16:51 [3875953472]: Notification generated for AV incident: Recipient info@msp-it.de

ERROR     Nov 01 12:16:51 [3875953472]: decide_departure_point: host count = 1

MESSAGE   Nov 01 12:16:51 [0x200017d6]: Mail Transaction Started from 127.0.0.1:25 to 80.72.136.141:25 (fdid:26)

MESSAGE   Nov 01 12:16:52 [0x200017d6]: [0x200017d60] Mail Received with 250 2.6.0 <f014aead-7968-4beb-a2b1-3d7a9f65fbc2@MAIL.msp-it.lan> [InternalId=2215] Queued mail for delivery

ERROR     Nov 01 12:16:52 [3875953472]: insert_reason_for_action: REASON : Mail sent successfully.

Hope to get SPF and DKIM soon!

:-(

Have a look at this thread:

https://community.sophos.com/products/xg-firewall/v16beta/f/sfos-v16-beta-feature-requests/78869/additional-mta-features-needed-in-the-gui/301823#301823

MTA at the moment on XG is not comparable at all with UTM9.

Thanks for your answer. :-(