On Monday, July 27, 2009 at 00:49 CEST, Pablo Yaggi <pya...@alsurdelsur.com> wrote:
> On Sunday 26 July 2009 07:19:39 pm Magnus Bäck wrote: > > > I suggest you use SASL instead of POP-before-SMTP and use the > > smtpd_sender_login_maps feature. > > But I'm running a mass virtual hosting server, if i use authenticated > smtp, it will not prevent for external smtp to deliver mail to my users ? Only for clients trying to use any of your domains as the sender address. This is no different from the policy you're asking about. > > But you can do something similar with POP-before-SMTP. > > > > main.cf: > > smtpd_restriction_classes = permit_pop_before_smtp > > permit_pop_before_smtp = > > check_client_access hash:/etc/postfix/pop-before-smtp > > > smtpd_sender_restrictions = check_sender_access hash:/path/to/file > > > > /path/to/file: > > example.com permit_pop_before_smtp, reject > > > > example.com is a domain that you want to protect from non-POPed > > clients. > > This will prevent anyone how tries to send mail to example.com need to > be authenticated, but external smtp needs no authentication. No, it will prevent anyone to send FROM your domain with prior authentication. [...] -- Magnus Bäck mag...@dsek.lth.se