Fix Receiving Spoofed Emails from Your Own Domain (Postfix + DMARC Not Working)

If your VPS is receiving fake emails that appear to be sent from your own domain, your DMARC enforcement is likely incomplete. Here’s how to fix it properly.

A client recently reached out with a confusing issue:

“I’m receiving emails from my own address… but I didn’t send them.”

At first glance, it looked like the server was compromised. But after checking the headers, it turned out to be something much more common — email spoofing.

This usually happens on self-hosted mail servers (Postfix + Roundcube setups on VPS) where SPF and DMARC are configured, but not enforced locally.

If you’re running your own mail server, this is one of the most common email and SMTP issues you will run into.

Problem Summary

Here’s what we observed:

Example from logs:

This clearly indicates spoofing, not a hacked server.

Why This Happens

By default, email does not verify the sender’s identity.

Even if you have:

👉 Your own Postfix server will still accept spoofed emails unless you enforce rules locally.

That’s the gap.

Confirm it's spoofing (not compromise)

Check the headers of the email.

Look for:

If the mail originated outside your server → it’s spoofing.

Verify SPF and DMARC records

Make sure your DNS is correct.

Example SPF record:

    v=spf1 a mx ip4:YOUR_SERVER_IP include:some-domain.com -all

Example DMARC record:

    v=DMARC1; p=quarantine; pct=100

This ensures external servers can evaluate your domain.

But this alone does NOT protect your own inbox.

Install OpenDMARC

    sudo apt install opendmarc -y

Configure:

    Socket local:/var/spool/postfix/opendmarc/opendmarc.sock
    AuthservID your.server.hostname
    TrustedAuthservIDs your.server.hostname

Chain OpenDKIM + OpenDMARC (critical)

If you already have:

    smtpd_milters = inet:localhost:8891

That’s OpenDKIM.

Do NOT replace it.

Instead, add OpenDMARC after it in the chain:

    smtpd_milters = inet:localhost:8891, unix:opendmarc/opendmarc.sock
    non_smtpd_milters = inet:localhost:8891, unix:opendmarc/opendmarc.sock

Restart Postfix:

    systemctl restart postfix

Now your flow becomes:

Don’t reject, send to spam (recommended)

Hard blocking can break legitimate emails (forwarding, mailing lists).

Instead, we tag DMARC failures.

Edit:

    nano /etc/spamassassin/local.cf

Add:

    header DMARC_FAIL Authentication-Results =~ /dmarc=fail/
    describe DMARC_FAIL DMARC authentication failed
    score DMARC_FAIL 5.0

Restart:

    systemctl restart spamassassin

Now spoofed emails:

Verification

1. Check milter chain

    postconf -n | grep milter

You should see both OpenDKIM and OpenDMARC.

[Figure: Postfix milter chain]

2. Send legitimate email

It should pass SPF, DKIM and DMARC.

3. Simulate spoof email

It should NOT land in the inbox; it should go to spam.
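
To script the checks in steps 2 and 3, here is an added example (not from the original post) that parses a saved message and reports the DMARC result stamped by your own server, ignoring Authentication-Results headers written by any other host. `MY_DOMAIN`, `AUTHSERV_ID`, the label strings and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

MY_DOMAIN = "example.com"         # assumption: the domain being spoofed
AUTHSERV_ID = "mail.example.com"  # assumption: your AuthservID value

# Constructed sample: a spoofed message after it passed the milter chain.
SPOOFED = """\
Return-Path: <bounce@sender.invalid>
Authentication-Results: mail.example.com; dmarc=fail (p=quarantine dis=none) header.from=example.com
Authentication-Results: mx.sender.invalid; dmarc=pass header.from=example.com
Received: from unknown (unknown [203.0.113.25]) by mail.example.com (Postfix)
From: "You" <you@example.com>
To: you@example.com
Subject: constructed test message

body
"""

def dmarc_verdict(raw, authserv_id=AUTHSERV_ID):
    """Return the dmarc= result stamped by our own server, or None."""
    msg = email.message_from_string(raw)
    for value in msg.get_all("Authentication-Results", []):
        # The token before the first ';' names the host that wrote the header.
        ident, _, results = value.partition(";")
        if ident.strip().lower() != authserv_id.lower():
            continue  # written by another host (possibly forged): ignore it
        match = re.search(r"\bdmarc=(\w+)", results)
        if match:
            return match.group(1).lower()
    return None

def classify(raw, my_domain=MY_DOMAIN, authserv_id=AUTHSERV_ID):
    """Label mail claiming to be from my_domain by our own DMARC verdict."""
    msg = email.message_from_string(raw)
    address = parseaddr(msg.get("From", ""))[1]
    if address.rpartition("@")[2].lower() != my_domain:
        return "other-domain"
    verdict = dmarc_verdict(raw, authserv_id)
    if verdict == "fail":
        return "spoofed-own-domain"
    return "own-domain-pass" if verdict == "pass" else "unverified"

if __name__ == "__main__":
    print(classify(SPOOFED))
```

Pass the raw text of a delivered test message to `classify()`. A result of `unverified` means no header from your AuthservID was found, which points at a milter chain that is not running.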

Common Mistakes / Edge Cases

Conclusion

The server wasn’t compromised — it was simply missing local DMARC enforcement.

Once OpenDMARC was properly configured and integrated with Postfix, and SpamAssassin was used to score failures, spoofed emails stopped reaching the inbox.

This is a classic example of why DNS-level protection alone isn’t enough — your mail server must enforce it locally.

Tharindu

Hey!! I'm Tharindu. I'm from Sri Lanka. I'm a part time freelancer and this is my blog where I write about everything I think might be useful to readers. If you read a tutorial here and want to hire me, contact me here.
