If you ever receive spoofed email that uses an email address in the display name, please try the tips below. I am using Zimbra and this is what I do.
su - zimbra
vi /opt/zimbra/conf/from_checks
Add the following line
/^From:(.*@)+(.*@)/ HOLD it looks like you are spam
Note: If you receive an email that has @ in the display name, the email will be held and you will see the message “it looks like you are spam” in the log. You can replace HOLD with another action such as DISCARD or REJECT.
If you want to whitelist a domain that has @ in the display name, add a rule for it as the first line, like below
/^From:(.*@imanudin\.com)+(.*@imanudin\.com)/ OK domain whitelist
/^From:(.*@)+(.*@)/ HOLD it looks like you are spam
If you want to redirect the email to another address instead of holding it, change the rules as follows
/^From:(.*@imanudin\.com)+(.*@imanudin\.com)/ OK domain whitelist
/^From:(.*@)+(.*@)/ REDIRECT firstname.lastname@example.org
Run the following commands to add the header check and reload Postfix
zmprov ms `zmhostname` zimbraMtaHeaderChecks "pcre:/opt/zimbra/conf/postfix_header_checks,pcre:/opt/zimbra/conf/from_checks"
zmprov mcf zimbraMtaBlockedExtensionWarnRecipient FALSE
postfix reload
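To see which From headers the rules above catch, and why the whitelist rule has to come first, here is an added example (not part of the original post) that emulates the first-match-wins lookup in Python. It assumes the Postfix pcre table defaults (case-insensitive, "." matches newline) and uses constructed sample headers; check_header is a hypothetical helper name.

```python
import re

# Postfix pcre tables default to case-insensitive matching with "." also
# matching newlines, so the emulation uses the equivalent Python flags.
FLAGS = re.IGNORECASE | re.DOTALL

# Rules in file order, as on this page (domain dot escaped). First match wins.
RULES = [
    (r"^From:(.*@imanudin\.com)+(.*@imanudin\.com)", "OK"),
    (r"^From:(.*@)+(.*@)", "HOLD"),
]


def check_header(header, rules=RULES):
    """Return the action of the first matching rule, or DUNNO if none match."""
    for pattern, action in rules:
        if re.search(pattern, header, FLAGS):
            return action
    return "DUNNO"  # no rule matched: the header passes through untouched


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    # Plain display name, a single @ in the whole header.
    'From: Alice Example <alice@example.org>',
    # Bare address without a display name.
    'From: alice@example.org',
    # Address-like display name in front of a different sender address.
    'From: "billing@example.net" <someone@example.org>',
    # Same header folded over two lines; matched as one logical header.
    'From: "billing@example.net"\n <someone@example.org>',
    # Harmless display name that happens to contain @ (false positive).
    'From: "Bob @ Sales" <bob@example.org>',
    # Whitelisted domain in both the display name and the address.
    'From: "staff@imanudin.com" <staff@imanudin.com>',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{check_header(sample):5}  {sample!r}")
    # With the rule order reversed, the whitelisted header is held as well.
    print(check_header(SAMPLES[-1], list(reversed(RULES))))
```

On the server itself, `postmap -q "From: ..." pcre:/opt/zimbra/conf/from_checks` queries the real table with a header string in the same way.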
The following is an example log entry for an email that uses @ in the display name
D6CAE2811C34: hold: header From: "email@example.com" <firstname.lastname@example.org> from unknown[120.xxx.xxx.xx]; from=<email@example.com> to=<firstname.lastname@example.org> proto=ESMTP helo=: it looks like you are spam
Nov 1 23:45:45 myzimbra postfix/cleanup: D6CAE2811C34: message-id=<email@example.com>
Example in mailq
[zimbra@myzimbra ~]$ mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
D6CAE2811C34!     626 Thu Nov  1 23:45:45  firstname.lastname@example.org
                                         email@example.com

-- 1 Kbytes in 1 Requests.
The ! sign (exclamation mark) after the Queue ID means the email is on hold. You can delete held emails (if they are spam) or release them (if they are not spam).
Good luck and hopefully useful 🙂