From: Jeroen Geilman on
On 06/12/2010 02:08 AM, Walter Pinto wrote:
> I'm looking for information on restricting users who send mail through
> our MX servers to authenticated users only, we currently use
> SASL2/MySQL to store valid user info, I'll try to include as much info
> as possible.
>
> The reason I ask is because it seems that as long as the domain is
> found in the recipient map, it allows unauthenticated sessions to send
> mail, see below.

You're not showing any recipient_maps.
Anything could be in there.

Are you seriously asking how to run a mail server that CANNOT receive
mail unless people authenticate?
Hint: your own domains should be in some sort of recipient map, too.

Unless you want to leave your mail server unable to receive mail, you
normally allow mail to be sent TO your own domains FROM anywhere.

J.

From: Thomas Polliard on
>
> I'm pretty sure I already know the answer, just need confirmation.
>
> Is this statement true or false? You cannot restrict sending mail to authenticated sessions without also restricting incoming mail as well.
>
>

False

From: Thomas Polliard on

On Jun 12, 2010, at 3:20 AM, Thomas Polliard wrote:

>>
>> I'm pretty sure I already know the answer, just need confirmation.
>>
>> Is this statement true or false? You cannot restrict sending mail to authenticated sessions without also restricting incoming mail as well.
>>
>>
>
> False


False unless you don't want mail for your domain(s) at all.

When a user wants to send mail to a domain NOT hosted by your mail server then you want them to authenticate to ensure that you are not an open relay, but incoming mail need not be restricted except to make sure that you are the MX for the domains.

Make sense?

Thomas

From: Walter Pinto on
Thomas,

That makes sense thanks. What you described is the goal I'm trying to
achieve.



On Sat, Jun 12, 2010 at 12:22 AM, Thomas Polliard <polliard(a)me.com> wrote:

>
> On Jun 12, 2010, at 3:20 AM, Thomas Polliard wrote:
>
>
> I'm pretty sure I already know the answer, just need confirmation.
>
> Is this statement true or false? You cannot restrict sending mail to
> authenticated sessions without also restricting incoming mail as well.
>
>
>
> False
>
>
>
> False unless you don't want mail for your domain(s) at all.
>
> When a user wants to send mail to a domain NOT hosted by your mail server
> then you want them to authenticate to ensure that you are not an open relay,
> but incoming mail need not be restricted except to make sure that you are
> the MX for the domains.
>
> Make sense?
>
> Thomas
>



--
Walter Pinto
System Support / Administrator
support(a)amhosting.com
www.amhosting.com
4690 Longley Lane, Suite 34
Reno, NV 89502
775.331.3319 866.425.2035

From: Sahil Tandon on
On Sat, 12 Jun 2010, Walter Pinto wrote:

> Troubleshooting what seems to be mail being sent FROM our own domains
> *without authentication* TO anywhere.

One option:

http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch

--
Sahil Tandon <sahil(a)FreeBSD.org>
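
The following main.cf fragment is an added example, not a configuration posted by anyone in this thread. It combines the two points made above: relaying to outside domains requires SASL authentication while mail to hosted domains is accepted from anywhere, and the parameters Sahil links bind each local sender address to its SASL login. The map file path is a hypothetical placeholder.

```conf
# /etc/postfix/main.cf (fragment)

# Offer SASL AUTH to clients (the thread's setup already uses SASL2/MySQL).
smtpd_sasl_auth_enable = yes

# Maps each envelope sender address to the SASL login(s) that own it.
# Hypothetical path: point it at a lookup over the same MySQL user table.
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-sender-login.cf

# Evaluated left to right for every RCPT TO; the first restriction that
# returns a permit or reject decides.
#  1. reject_sender_login_mismatch: a MAIL FROM address listed in the map
#     is refused unless the client is logged in as one of its owners, and
#     a logged-in client is refused for any address it does not own.
#  2. permit_sasl_authenticated: authenticated users may relay anywhere.
#  3. reject_unauth_destination: everyone else may only deliver to domains
#     this server is the final destination or a relay for.
smtpd_recipient_restrictions =
    reject_sender_login_mismatch,
    permit_sasl_authenticated,
    reject_unauth_destination
```

With a map that covers every local address, unauthenticated clients can still deliver to your domains but can no longer use your own addresses as envelope sender, which also rejects outside systems that legitimately send with a local envelope sender, such as forwarders. Placing permit_mynetworks ahead of these entries exempts every client in mynetworks from all three checks.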