Prev: postfix explicit logging all failures in maillog
Next: smtpd_banner question
From: Jonathan Tripathy on 21 Feb 2010 13:57
Hi Folks,

To prevent spammers sending email from spoofed addressed that appear
from my domain, I currently use SPF. I'm having second thoughts about
using SPF, so is there any other way to make sure that only
authenticated users can send email from my domain?

Thanks
From: Wietse Venema on 21 Feb 2010 14:05
Jonathan Tripathy:
> Hi Folks,
>
> To prevent spammers sending email from spoofed addressed that appear
> from my domain, I currently use SPF. I'm having second thoughts about
> using SPF, so is there any other way to make sure that only
> authenticated users can send email from my domain?

Receivers may "verify" the message origin with SPF, DKIM, S/Mime,
or other information that you make available to those receivers.

But nothing requires that receivers do those things.

Wietse

From: Jonathan Tripathy on 21 Feb 2010 14:17


On 21/02/2010 19:05, Wietse Venema wrote:
> Jonathan Tripathy:
>
>> Hi Folks,
>>
>> To prevent spammers sending email from spoofed addressed that appear
>> from my domain, I currently use SPF. I'm having second thoughts about
>> using SPF, so is there any other way to make sure that only
>> authenticated users can send email from my domain?
>>
> Receivers may "verify" the message origin with SPF, DKIM, S/Mime,
> or other information that you make available to those receivers.
>
> But nothing requires that receivers do those things.
>
> Wietse
>

Sorry I forgot to state that im only concerned with MY server here. For
example, I don't want someone to telnet to MY postfix server, and give
me(a)mydomain.com for both sender and receiver

From: Sahil Tandon on 21 Feb 2010 14:22
On Sun, 21 Feb 2010, Jonathan Tripathy wrote:

> On 21/02/2010 19:05, Wietse Venema wrote:
> >Jonathan Tripathy:
> >>Hi Folks,
> >>
> >>To prevent spammers sending email from spoofed addressed that appear
> >>from my domain, I currently use SPF. I'm having second thoughts about
> >>using SPF, so is there any other way to make sure that only
> >>authenticated users can send email from my domain?
> >Receivers may "verify" the message origin with SPF, DKIM, S/Mime,
> >or other information that you make available to those receivers.
> >
> >But nothing requires that receivers do those things.
> >
> > Wietse
>
> Sorry I forgot to state that im only concerned with MY server here.
> For example, I don't want someone to telnet to MY postfix server,
> and give me(a)mydomain.com for both sender and receiver

Use a policy service like postfwd or get creative with access tables.
Search google and this list's archives for some variant of 'sender equal
to recipient'.

--
Sahil Tandon <sahil(a)tandon.net>

From: LuKreme on 21 Feb 2010 14:39
On 21-Feb-2010, at 12:22, Sahil Tandon wrote:
>> Sorry I forgot to state that im only concerned with MY server here.
>> For example, I don't want someone to telnet to MY postfix server,
>> and give me(a)mydomain.com for both sender and receiver

What's the matter with te SPF configuration you already have?

--
I DID NOT LEARN EVERYTHING I NEED TO KNOW IN KINDERGARTEN
Bart chalkboard Ep. 3F23

 |  Next  |  Last
Pages: 1 2 3 4 5
Prev: postfix explicit logging all failures in maillog
Next: smtpd_banner question