Andrea Gozzi: > On Tue, 2008-09-09 at 13:25 -0400, Wietse Venema wrote: > > Andrea Gozzi: > > > On Tue, 2008-09-09 at 13:03 -0400, Wietse Venema wrote: > > > > > > > > > > > > > > > It works, thanks. > > > > > I have one further question: how do I restrict access to postfix for > > > > > any > > > > > user with @myfreemail.com account only from localhost (where the > > > > > webmail > > > > > is running)? > > > > > > > > The answer depends on how your webmail injects mail into Postfix. > > > > > > > > Wietse > > > > > > Via smtpd. ... > > /etc/postfix/sender_access: > > myfreemail.com REJECT restricted to localhost only ... > The REDIRECT check can easily be bypassed by changing the MAIL FROM: , > so I configured the webmail to allow mail originating from the real > address only. > Unfortunately, someone might still try to connect directly to postfix > and fake the envelope.. > > Is there any way to enforce the localhost origin restriction after the > users have authenticated?
You replied above that the web application injects mail into Postfix via SMTP. This means that the web application gives the MAIL FROM address to Postfix. Therefore the web application can reject addresses that have the wrong sender domain. Wietse