On Thu, Mar 26, 2026 at 03:44:18PM +0100, John Fawcett via Postfix-users wrote:
> > Accepting mail for your own domains on port 25 is not submission, the
> > SMTP server cannot reasonably distinguish between an MTA sending inbound
> > mail and an MUA doing the same thing.
> >
> In general no, but the distinction could be made based on a sender present
> in smtpd_sender_login_maps. It would need a new configuration parameter to
> be able to reject mail from an unauthenticated sender where authentication
> is not enabled.
Sure, but again, that's not an MUA vs. MTA distinction, rather it is a
way to reject forgery of internal envelope sender addresses by
unauthenticated clients. The simplest thing is often to just block port
25 messages with an envelope sender in your domains, the SASL does not
actually come into it.
smtpd_sender_restrictions =
check_sender_access inline:{
{ example.com = reject },
{ example.net = reject },
{ example.org = reject }
}
Applies equally to all clients, whether MTAs or MUAs.
--
Viktor. 🇺🇦 Слава Україні!
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
