Nick Sharp wrote: > Hi all, > > I am new to this list, so forgive me if I am not up with your current level > of etiquette, I do tune in pretty quickly.. so starting with a long email.. >
Welcome to the list. Unfortunately, you seem to have missed the important line in the Welcome Message: "TO REPORT A PROBLEM SEE: http://www.postfix.org/DEBUG_README.html#mail" I'll muddle through, but without 'postconf -n', I can only guess. > Been trying to stop people sending email to us setting FROM as a user in our > domains. Seems basic enough spam limitation. > > It seems if I configure reject_unauthenticated_sender_login_mismatch in > smtp_sender_restrictions all email gets rejected (with my config below) > (even to $virtual_mailbox_domains) _if_ not in $mynetworks (no auth needed - > seems ok) or if the client is not sasl auth'd (smtp ok again in this > situation) > Using a jack-hammer won't let you drive a nail. A simpler solution is: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_sender_access hash:/path/to/file /path/to/file: #Using example.com as your domain here #This can be a mysql map if you like. It is hash to show simplicity. #You may customize the REJECT message as you see fit of course. See 'man 5 access' example.com REJECT We do not accept sending from ourselves without authentication .example.com REJECT We do not accept sending from ourselves without authentication #covering both cases since you did not show postconf -n.. Please understand that Postfix checks envelope senders this way. Header >From is a bad measure in many cases to block. Brian