> -----Original Message----- > From: owner-postfix-us...@postfix.org > [mailto:owner-postfix-us...@postfix.org] On Behalf Of Pawel Lesniak > Sent: Wednesday, 4 March 2009 4:19 AM > To: postfix users list > Subject: Re: Spam attacks > > W dniu 2009-03-03 17:46, Noel Jones pisze: > > Some people reject their own domain from outside, unauthenticated > > clients, but this will certainly reject some amount of legit mail. > > Could you write a little bit how is it possible to reject > legit mail by rejecting unauthenticated clients when all > users do use SASL authentication or are in my_networks? > > > Pawel Lesniak > >
We have a very clear policy that users are only permitted to relay mail from our networks. If they are sending from home, they use webmail. We've had one or two instances where external organisations have used some kind of auto-reply mechanism which purports to send from our users, but we simply tell them to fix the sender address. We use a sender access map to reject the spurious senders that aren't coming from my_networks. You can use warn_if_reject to test the impact of this measure for a few days or weeks. main.cf ====== smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access # cat /etc/postfix/sender_access ourdomain.com REJECT ourdomain.gov.au REJECT
