Nyoman [D] wrote:
On Thu, 2009-09-03 at 09:28 +0700, Kiswono Prayogo wrote:
iya, tapi kalo permit_my_networks-nya diilangin, webmail yang pake imap ga
berkutik kirim email --> ya webmailnya di set pakai authentication
sasl waktu mau ngirim, soalnya kalau tidak, bakal bisa ngirim sebagai
orang lain (si x ngirim sebagai si y dst.. itu seram sekali, bisa
gila..)


permit_my_networks-nya di allow untuk 127.0.0.1 saja pak

Nyoman
Sepertinya yg di tanyakan TS bukan bagaimana supaya squirrelmailnya bisa ngirim, tapi gimana caranya supaya supaya user yg login nggak bisa spoofing sender address.

Aug 30 05:05:06 webmail postfix/cleanup[1473]: 5621323FA7: message-id=<7a2d144cd865d8824ecac6ef0cc92afb.squir...@mydomain> Aug 30 05:05:06 webmail postfix/qmgr[1155]: 5621323FA7: from=<i...@email.com>, size=1501, nrcpt=201 (queue active) Aug 30 05:05:07 webmail postfix/smtpd[1470]: disconnect from localhost.localdomain[127.0.0.1]

smtpd_restriction_classes = has_our_domain_as_sender
has_our_domain_as_sender = check_sender_access hash:/etc/postfix/mydomains, reject

isi mydomains

domain.com OK
domain.org  OK

postmap mydomains

smtpd_recipient_restrictions =
  check_client_access hash:/etc/postfix/internal_networks,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  reject_unlisted_recipient,
  .......

isi internal_networks

127.0.0.1           has_our_domain_as_sender
192.168.1          has_our_domain_as_sender
192.168.2          has_our_domain_as_sender

postmap internal_networks
postfix reload

cuma email address dengan domain yg di specified di mydomains yg bisa kirim, yg lain di reject.

note: not tested

cmiiw


PT.CITRA SARI MAKMUR
SATELLITE & TERRESTRIAL NETWORK

Connecting the distance - anytime, anywhere, any content
http://www.csmcom.com

Reply via email to