On Monday, July 27, 2009 at 00:49 CEST,
Pablo Yaggi <pya...@alsurdelsur.com> wrote:
> On Sunday 26 July 2009 07:19:39 pm Magnus Bäck wrote:
>
> > I suggest you use SASL instead of POP-before-SMTP and use the
> > smtpd_sender_login_maps feature.
>
> But I'm running a mass virtual hosting server, if i use authenticated
> smtp, it will not prevent for external smtp to deliver mail to my users ?
Only for clients trying to use any of your domains as the sender
address. This is no different from the policy you're asking about.
> > But you can do something similar with POP-before-SMTP.
> >
> > main.cf:
> > smtpd_restriction_classes = permit_pop_before_smtp
> > permit_pop_before_smtp =
> > check_client_access hash:/etc/postfix/pop-before-smtp
>
> > smtpd_sender_restrictions = check_sender_access hash:/path/to/file
> >
> > /path/to/file:
> > example.com permit_pop_before_smtp, reject
> >
> > example.com is a domain that you want to protect from non-POPed
> > clients.
>
> This will prevent anyone how tries to send mail to example.com need to
> be authenticated, but external smtp needs no authentication.
No, it will prevent anyone to send FROM your domain with prior
authentication.
[...]
--
Magnus Bäck
mag...@dsek.lth.se
