The feature you're looking for is "SPF" (Sender Policy Framework):
https://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Appendix#SPF_RecordsYou could address unwanted sending addresses individually:
1. On the SME server:
*
Whitelist-Blacklist Control allows you to block email from a given email address in a server-manager panel
*
Mailsorting would let you create a rule on the server to file or delete the offending messages before they hit the user's inbox
*
Item 5.21.2 on the Email wiki page describes how to block email from one user to another by manually templating and customizing the "badmailfromto" plugin. Similar instructions would probably work for the "badmailfrom" plugin, too.
2. On the user's computer:
Create an email rule that deletes the offending messages
General answer:
Before making any significant configuration changes, you will need to do some research into where the offending emails are originating. Look in the log files or message header to identify the IP address that the offending email came from, then research that IP address.
Info on reviewing the mail server log files can be found here:
https://wiki.contribs.org/Mail_log_file_analysisMXToolbox has an online email header analysis tool:
https://mxtoolbox.com/public/tools/emailheaders.aspxIf the IP is on your LAN:
- Scan the offending system for viruses.
If the IP is the WAN, LAN or localhost IP of the SME server itself, or of any web server or other system under your control:
- look for insecure web applications (usually a "contact us" form of some sort)
- look for other evidence of infection
If the IP address is not under your control:
- Research the IP using a tool such as
https://mxtoolbox.com/blacklists.aspx-- If the offending IP or IPs are listed as spam sources, adjust your DNSBL or RHSBL settings
-- If the offending IP is not listed on any block lists, look into configuring
SPF (Sender Policy Framework) for your domain.
If the log files indicate that the email originated in an authenticated transaction, change the password for the compromised account.