bharathan kailath wrote:
've a postfix server act as smtp out; i've allowed certain networks in
mynetworks; my domain example.com <http://example.com>; my problem is
from the allowed networks one can send mails (e.g m...@gmail.com
<mailto:m...@gmail.com> to someb...@yahoo.com
<mailto:someb...@yahoo.com>); it should not have accepted mails other
than one of the sender/receiver belong to example.com
<http://example.com> (its own domain)
what could be wrong in the config? following is my config:
Nothing wrong in your config[1], it's just that postfix does
not enforce which domains can be used when sending mail from
authorized clients.
There are several ways you can enforce such a rule. The
simplest is probably
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/mydomains
reject_unauth_destination
Where the mydomains table lists your local allowed domains as:
example.com OK
Note this MUST be in smtpd_sender_restrictions.
You can also use "reject_unlisted_sender" in the above list to
insure that sender names in your domain really exist.
http://www.postfix.org/postconf.5.html#reject_unlisted_sender
A more sophisticated (and more complicated) setup would
require all local users to authenticate via SASL and would map
SASL usernames to the allowed MAIL FROM using
http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
http://www.postfix.org/SASL_README.html
[1] be aware that rfc-ignorant is intended for a scoring
system (such as SpamAssassin), not outright rejects. There is
a strong possibility of rejecting legit mail when used as an
SMTP RBL.
--
Noel Jones
