On Tue, Jun 09, 2009 at 08:32:40PM +0200, Magnus B?ck wrote:
> > The clients mail-servers connect to our postfix servers , authenticate
> > using a client-accountid and send the messages.
> >
> > I would like to restrict the from domains for every client.(Mainly to
> > prevent inadvertent spam outbreaks)
>
> http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
This will prevent forgery of "owned" addresses, but will not restrict
senders from choosing an "unowned" address. For that, one also needs an
access table, that limits senders to use one of the owned addresses.
# Only suitable for MSA systems, DO NOT DO this on inbound MX hosts
#
smtpd_sender_restrictions =
reject_sender_login_mismatch,
#
# MUST return OK for owned addresses, also allow "<>" if some
# of the MSA clients are MTAs for a set of domains, and can
# send bounces. Of course, MTAs can also forward email, which
# without SRS or other similar pain, will be rejected!
#
# This table lists the same addresses as sender_login_maps, with
# an RHS of "OK" instead of a list of login names.
#
check_sender_access cdb:/etc/postfix/sender_has_login,
#
# rejects remaining sender addresses.
#
reject
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
