Prev: Trying to deliver to server on type=A record
Next: relay_alias_maps
From: Rachid Abdelkhalak on 30 Jun 2010 04:47

Hello List,

Is there any way to tell to my postfix in the relay to never accept email
sent from an @myowndomain.tld email address is it is not coming from my
internal mail server? I dont want to use SPF now.

I'm trying to prevent SPAM coming from external networks and spoofing my
internal addreses.

Thank you

From: Sahil Tandon on 30 Jun 2010 18:33
On Wed, 2010-06-30 at 09:47:50 +0100, Rachid Abdelkhalak wrote:

> Is there any way to tell to my postfix in the relay to never accept
> email sent from an @myowndomain.tld email address is it is not
> coming from my internal mail server?

Yes, if it is the envelope that is being spoofed.

http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
http://www.postfix.org/access.5.html

--
Sahil Tandon <sahil(a)FreeBSD.org>

From: Rachid Abdelkhalak on 1 Jul 2010 05:14

Hello,

If i understand, the smtpd_recipient_restrictions allow just to give
postfix the list of addresses for wich he can accept emails, but my need
is to prevent that an other person use an other mail server to send emails
using our domain. It mean i want to specify to postfix the servers that
can send mails using mydomain, and NO OTHER SERVER can do it. If postfix
receive emails relayed by other server and coming from mydomain Sender
with @mydomain address, it must reject that email.

Thank you

--
|-Rachid Abdelkhalak
|-Network Security Engineer, MTDS
|-in morocco 080200MTDS
|-direct +212(0)537278820
|-mobile +212(0)661173437
|-14, rue 16 novembre
|-Rabat 10080 Kingdom of Morocco

On Wed, 30 Jun 2010, Sahil Tandon wrote:

> On Wed, 2010-06-30 at 09:47:50 +0100, Rachid Abdelkhalak wrote:
>
>> Is there any way to tell to my postfix in the relay to never accept
>> email sent from an @myowndomain.tld email address is it is not
>> coming from my internal mail server?
>
> Yes, if it is the envelope that is being spoofed.
>
> http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
> http://www.postfix.org/access.5.html
>
> --
> Sahil Tandon <sahil(a)FreeBSD.org>
>

From: Noel Jones on 1 Jul 2010 15:42
On 7/1/2010 4:14 AM, Rachid Abdelkhalak wrote:
>
> Hello,
>
> If i understand, the smtpd_recipient_restrictions allow just
> to give postfix the list of addresses for wich he can accept
> emails, but my need is to prevent that an other person use an
> other mail server to send emails using our domain. It mean i
> want to specify to postfix the servers that can send mails
> using mydomain, and NO OTHER SERVER can do it. If postfix
> receive emails relayed by other server and coming from
> mydomain Sender with @mydomain address, it must reject that
> email.
>

Your understanding is wrong.

Read up on smtpd_recipient_restrictions and check_sender_access.

Use a config something like:
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
check_sender_access hash:/etc/postfix/sender_access

# contents of /etc/postfix/sender_access
example.com REJECT only internal mail allowed

replace example.com with your own domain.


-- Noel Jones

From: Rachid Abdelkhalak on 1 Jul 2010 17:41

Thank you Noel, I'll try that and let you know.

Best regards.


On Thu, 1 Jul 2010, Noel Jones wrote:

> On 7/1/2010 4:14 AM, Rachid Abdelkhalak wrote:
>>
>> Hello,
>>
>> If i understand, the smtpd_recipient_restrictions allow just
>> to give postfix the list of addresses for wich he can accept
>> emails, but my need is to prevent that an other person use an
>> other mail server to send emails using our domain. It mean i
>> want to specify to postfix the servers that can send mails
>> using mydomain, and NO OTHER SERVER can do it. If postfix
>> receive emails relayed by other server and coming from
>> mydomain Sender with @mydomain address, it must reject that
>> email.
>>
>
> Your understanding is wrong.
>
> Read up on smtpd_recipient_restrictions and check_sender_access.
>
> Use a config something like:
> smtpd_recipient_restrictions =
> permit_mynetworks
> reject_unauth_destination
> check_sender_access hash:/etc/postfix/sender_access
>
> # contents of /etc/postfix/sender_access
> example.com REJECT only internal mail allowed
>
> replace example.com with your own domain.
>
>
> -- Noel Jones
>

 | 
Pages: 1
Prev: Trying to deliver to server on type=A record
Next: relay_alias_maps