Please stop the top-posting.
On Thursday 20 August 2009 09:09:34 Israel Garcia wrote:
> This is the postconf -n on my smarthost server.
> myhostname = server.domain
Typically myhostname should be a real DNS name, resolvable from
outside, and should also be the valus of the PTR for the IP address.
> mynetworks = 127.0.0.0/8 xx.xx.xx.xx #<-- my.network.subnet
1. Munging essential information will make it impossible for you to
get real help.
2. You're going to have to limit this to hosts that you TRUST. If
that's the empty set, unset it: "mynetworks =".
> myorigin = /etc/mailname
Be sure to read your Debian README for Debian-specific information.
> transport_maps = hash:/etc/postfix/transport
Why?
> With this conf, only the IPs from mynetworks relay mail throuhg
> the smarthost. BUT, I repeat, users can send mail from their
> servers using any sender address. How can I block this?
Did you know that this default behavior has always existed for mail
systems? Did you know that this is a FAQ on this list, I believe
already asked once this week?
Is this an actual problem, or a theoretical one? If you have actual
abusers (senders using external addresses are probably not real
abusers, but that's for you to decide) revoke their access to your
network. Political/social problems generally do not have solutions
that are technological.
The answer, repeated for you and yet again for the archives, is to
require and enforce authentication, and use smtpd_sender_login_maps,
listing sender addresses you allow for each SASL AUTH user.
http://www.postfix.org/SASL_README.html
http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
You then use reject_authenticated_sender_login_mismatch *before*
permit_sasl_authenticated in your smtpd_recipient_restrictions.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
