From: Jonathan Tripathy on


On 21/02/2010 21:31, Jonathan Tripathy wrote:
>
>
> On 21/02/2010 21:16, Wietse Venema wrote:
>> Jonathan Tripathy:
>>>> You can also specify MULTIPLE maps:
>>>>
>>>> /etc/postfix/main.cf:
>>>>     smtpd_sender_login_maps = mysql:whatever
>>>>         hash:/etc/postfix/default
>>>>
>>>> /etc/postfix/default:
>>>>     @example.com root
>>>>
>>>> Don't forget to postmap the /etc/postfix/default file.
>>> Great! That seemed to have worked really well! Thanks
>>>
>>> Just a couple of questions, is it safe to give @mydomain.com an
>>> owner of
>>> root in my hash file?
>> Use a name that will never be used.
>>
>>> Also, what are your views on SPF? Just I ditch it, or go for it?
>> That depends entirely on your users. SPF assumes that mail won't
>> be forwarded, or that forwarders munge the sender address with SRS.
>>
>> Wietse
>
> Ok so your solution (Adding another sender login map) worked on my
> primary mx. Currently, my backup mx allows "relaying" to my primary mx
> using a combination of transport maps and relay_domains. Any ideas on
> how to get something similar working for my backup mx? It seems that
> the sender_login_maps file is ignored for domains specified in
> relay_domains.
>
> Thanks


My main issue is that my backup mx doesn't have sasl enabled (It's relay
only..)
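
The effect of the catch-all second map from the quoted advice above, as an added example that is not part of the original thread and is not Postfix code: a simplified Python model of how the `reject_sender_login_mismatch` restriction (not named in the thread; assumed to be in use) consults `smtpd_sender_login_maps`. The table contents, login names and the placeholder owner `nobody-owns-this` are constructed, and address-extension and bare-user lookups are left out.

```python
# Simplified model of sender-login checking (assumption-based, not Postfix source).
# Constructed tables standing in for the two maps named in the thread.
MYSQL_MAP = {"alice@example.com": "alice", "bob@example.com": "bob"}  # mysql:whatever
DEFAULT_MAP = {"@example.com": "nobody-owns-this"}   # hash:/etc/postfix/default
RISKY_DEFAULT = {"@example.com": "root"}             # owner that could be a real login


def find_owners(sender, maps):
    """Try user@domain in every map first, then the @domain catch-all."""
    sender = sender.lower()
    domain_key = "@" + sender.rpartition("@")[2]
    for key in (sender, domain_key):
        for table in maps:
            if key in table:
                # The right-hand side may list several logins.
                return table[key].replace(",", " ").split()
    return []


def check_sender(sender, sasl_login, maps):
    """Return 'OK' (no objection) or 'REJECT: <reason>' for a MAIL FROM address."""
    owners = find_owners(sender, maps)
    if sasl_login is None:
        # Unauthenticated client: any address that has an owner is off limits.
        return "REJECT: not logged in" if owners else "OK"
    if sasl_login.lower() in (o.lower() for o in owners):
        return "OK"
    return "REJECT: not owned by user " + sasl_login


if __name__ == "__main__":
    with_default = [MYSQL_MAP, DEFAULT_MAP]
    cases = [
        ("alice@example.com", "alice", with_default),   # owner sends as self
        ("bob@example.com", "alice", with_default),     # authenticated spoof
        ("ceo@example.com", None, [MYSQL_MAP]),         # unlisted address, no catch-all
        ("ceo@example.com", None, with_default),        # catch-all closes that gap
        ("ceo@example.com", "root", [MYSQL_MAP, RISKY_DEFAULT]),  # real login as owner
    ]
    for sender, login, maps in cases:
        print(sender, login, "->", check_sender(sender, login, maps))
```

The last case shows why the catch-all owner should be a name that will never be used as a login: if an account with that name can authenticate, it owns every address in the domain.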

From: Wietse Venema on
Jonathan Tripathy:
> My main issue is that my backup mx doesn't have sasl enabled (It's relay
> only..)

Why would your users submit mail to the backup MX host?

Wietse

From: Jonathan Tripathy on


On 21/02/2010 21:55, Wietse Venema wrote:
> Jonathan Tripathy:
>
>> My main issue is that my backup mx doesn't have sasl enabled (It's relay
>> only..)
>>
> Why would your users submit mail to the backup MX host?
>
> Wietse
>

You're correct, they wouldn't. I just don't like the thought that someone
could connect to the backup mx and pretend to be from my domain.
However, as I've just found out, since the backup mx is "relaying" to
primary, the primary mx bounces an email back, so I guess the email
won't be delivered anyway, however the queue gets a MAILER-DAEMON
message...

From: Jonathan Tripathy on


On 21/02/2010 22:00, Jonathan Tripathy wrote:
>
>
> On 21/02/2010 21:55, Wietse Venema wrote:
>> Jonathan Tripathy:
>>> My main issue is that my backup mx doesn't have sasl enabled (It's
>>> relay
>>> only..)
>> Why would your users submit mail to the backup MX host?
>>
>> Wietse
>
> You're correct, they wouldn't. I just don't like the thought that
> someone could connect to the backup mx and pretend to be from my
> domain. However, as I've just found out, since the backup mx is
> "relaying" to primary, the primary mx bounces an email back, so I
> guess the email won't be delivered anyway, however the queue gets a
> MAILER-DAEMON message...

Actually, the MAILER-DAEMON message doesn't get queued at all! It just
discards it when it can't find the user (If the from address was
NOTarealaddress@mydomain.com). So I guess it's all good...

From: Jonathan Tripathy on


On 21/02/2010 22:03, Jonathan Tripathy wrote:
>
>
> On 21/02/2010 22:00, Jonathan Tripathy wrote:
>>
>>
>> On 21/02/2010 21:55, Wietse Venema wrote:
>>> Jonathan Tripathy:
>>>> My main issue is that my backup mx doesn't have sasl enabled (It's
>>>> relay
>>>> only..)
>>> Why would your users submit mail to the backup MX host?
>>>
>>> Wietse
>>
>> You're correct, they wouldn't. I just don't like the thought that
>> someone could connect to the backup mx and pretend to be from my
>> domain. However, as I've just found out, since the backup mx is
>> "relaying" to primary, the primary mx bounces an email back, so I
>> guess the email won't be delivered anyway, however the queue gets a
>> MAILER-DAEMON message...
>
> Actually, the MAILER-DAEMON message doesn't get queued at all! It just
> discards it when it can't find the user (If the from address was
> NOTarealaddress@mydomain.com). So I guess it's all good...

Oops I'm confusing myself here. The above is true if the spoofed from
address was from my domain, but the user didn't exist. If the user is
real, then that user gets the MAILER-DAEMON message..