From: Rachid Abdelkhalak on 30 Jun 2010 04:47 Hello List, Is there any way to tell to my postfix in the relay to never accept email sent from an @myowndomain.tld email address is it is not coming from my internal mail server? I dont want to use SPF now. I'm trying to prevent SPAM coming from external networks and spoofing my internal addreses. Thank you
From: Sahil Tandon on 30 Jun 2010 18:33 On Wed, 2010-06-30 at 09:47:50 +0100, Rachid Abdelkhalak wrote: > Is there any way to tell to my postfix in the relay to never accept > email sent from an @myowndomain.tld email address is it is not > coming from my internal mail server? Yes, if it is the envelope that is being spoofed. http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions http://www.postfix.org/access.5.html -- Sahil Tandon <sahil(a)FreeBSD.org>
From: Rachid Abdelkhalak on 1 Jul 2010 05:14 Hello, If i understand, the smtpd_recipient_restrictions allow just to give postfix the list of addresses for wich he can accept emails, but my need is to prevent that an other person use an other mail server to send emails using our domain. It mean i want to specify to postfix the servers that can send mails using mydomain, and NO OTHER SERVER can do it. If postfix receive emails relayed by other server and coming from mydomain Sender with @mydomain address, it must reject that email. Thank you -- |-Rachid Abdelkhalak |-Network Security Engineer, MTDS |-in morocco 080200MTDS |-direct +212(0)537278820 |-mobile +212(0)661173437 |-14, rue 16 novembre |-Rabat 10080 Kingdom of Morocco On Wed, 30 Jun 2010, Sahil Tandon wrote: > On Wed, 2010-06-30 at 09:47:50 +0100, Rachid Abdelkhalak wrote: > >> Is there any way to tell to my postfix in the relay to never accept >> email sent from an @myowndomain.tld email address is it is not >> coming from my internal mail server? > > Yes, if it is the envelope that is being spoofed. > > http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions > http://www.postfix.org/access.5.html > > -- > Sahil Tandon <sahil(a)FreeBSD.org> >
From: Noel Jones on 1 Jul 2010 15:42 On 7/1/2010 4:14 AM, Rachid Abdelkhalak wrote: > > Hello, > > If i understand, the smtpd_recipient_restrictions allow just > to give postfix the list of addresses for wich he can accept > emails, but my need is to prevent that an other person use an > other mail server to send emails using our domain. It mean i > want to specify to postfix the servers that can send mails > using mydomain, and NO OTHER SERVER can do it. If postfix > receive emails relayed by other server and coming from > mydomain Sender with @mydomain address, it must reject that > email. > Your understanding is wrong. Read up on smtpd_recipient_restrictions and check_sender_access. Use a config something like: smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination check_sender_access hash:/etc/postfix/sender_access # contents of /etc/postfix/sender_access example.com REJECT only internal mail allowed replace example.com with your own domain. -- Noel Jones
From: Rachid Abdelkhalak on 1 Jul 2010 17:41 Thank you Noel, I'll try that and let you know. Best regards. On Thu, 1 Jul 2010, Noel Jones wrote: > On 7/1/2010 4:14 AM, Rachid Abdelkhalak wrote: >> >> Hello, >> >> If i understand, the smtpd_recipient_restrictions allow just >> to give postfix the list of addresses for wich he can accept >> emails, but my need is to prevent that an other person use an >> other mail server to send emails using our domain. It mean i >> want to specify to postfix the servers that can send mails >> using mydomain, and NO OTHER SERVER can do it. If postfix >> receive emails relayed by other server and coming from >> mydomain Sender with @mydomain address, it must reject that >> email. >> > > Your understanding is wrong. > > Read up on smtpd_recipient_restrictions and check_sender_access. > > Use a config something like: > smtpd_recipient_restrictions = > permit_mynetworks > reject_unauth_destination > check_sender_access hash:/etc/postfix/sender_access > > # contents of /etc/postfix/sender_access > example.com REJECT only internal mail allowed > > replace example.com with your own domain. > > > -- Noel Jones >
|
Pages: 1 Prev: Trying to deliver to server on type=A record Next: relay_alias_maps |