Nyoman [D] wrote:
On Thu, 2009-09-03 at 09:28 +0700, Kiswono Prayogo wrote:
iya, tapi kalo permit_my_networks-nya diilangin, webmail yang pake imap ga
berkutik kirim email --> ya webmailnya di set pakai authentication
sasl waktu mau ngirim, soalnya kalau tidak, bakal bisa ngirim sebagai
orang lain (si x ngirim sebagai si y dst.. itu seram sekali, bisa
gila..)
permit_my_networks-nya di allow untuk 127.0.0.1 saja pak
Nyoman
Sepertinya yg di tanyakan TS bukan bagaimana supaya squirrelmailnya bisa
ngirim, tapi gimana caranya supaya supaya user yg login nggak bisa
spoofing sender address.
Aug 30 05:05:06 webmail postfix/cleanup[1473]: 5621323FA7:
message-id=<7a2d144cd865d8824ecac6ef0cc92afb.squir...@mydomain>
Aug 30 05:05:06 webmail postfix/qmgr[1155]: 5621323FA7:
from=<i...@email.com>, size=1501, nrcpt=201 (queue active)
Aug 30 05:05:07 webmail postfix/smtpd[1470]: disconnect from
localhost.localdomain[127.0.0.1]
smtpd_restriction_classes = has_our_domain_as_sender
has_our_domain_as_sender = check_sender_access
hash:/etc/postfix/mydomains, reject
isi mydomains
domain.com OK
domain.org OK
postmap mydomains
smtpd_recipient_restrictions =
check_client_access hash:/etc/postfix/internal_networks,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unlisted_recipient,
.......
isi internal_networks
127.0.0.1 has_our_domain_as_sender
192.168.1 has_our_domain_as_sender
192.168.2 has_our_domain_as_sender
postmap internal_networks
postfix reload
cuma email address dengan domain yg di specified di mydomains yg bisa
kirim, yg lain di reject.
note: not tested
cmiiw
PT.CITRA SARI MAKMUR
SATELLITE & TERRESTRIAL NETWORK
Connecting the distance - anytime, anywhere, any content
http://www.csmcom.com
