On Thu, Aug 20, 2009 at 11:32 AM, /dev/rob0<r...@gmx.co.uk> wrote: > Please stop the top-posting. OK, I'm sorry.
> > On Thursday 20 August 2009 09:09:34 Israel Garcia wrote: >> This is the postconf -n on my smarthost server. > >> myhostname = server.domain DONE! > > Typically myhostname should be a real DNS name, resolvable from > outside, and should also be the valus of the PTR for the IP address. > >> mynetworks = 127.0.0.0/8 xx.xx.xx.xx #<-- my.network.subnet > > 1. Munging essential information will make it impossible for you to > get real help. > 2. You're going to have to limit this to hosts that you TRUST. If > that's the empty set, unset it: "mynetworks =". > >> myorigin = /etc/mailname > > Be sure to read your Debian README for Debian-specific information. > >> transport_maps = hash:/etc/postfix/transport > > Why? DELETED! > >> With this conf, only the IPs from mynetworks relay mail throuhg >> the smarthost. BUT, I repeat, users can send mail from their >> servers using any sender address. How can I block this? > > Did you know that this default behavior has always existed for mail > systems? Did you know that this is a FAQ on this list, I believe > already asked once this week? > > Is this an actual problem, or a theoretical one? If you have actual > abusers (senders using external addresses are probably not real > abusers, but that's for you to decide) revoke their access to your > network. Political/social problems generally do not have solutions > that are technological. > theoretical. > The answer, repeated for you and yet again for the archives, is to > require and enforce authentication, and use smtpd_sender_login_maps, > listing sender addresses you allow for each SASL AUTH user. > > http://www.postfix.org/SASL_README.html > http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps > > You then use reject_authenticated_sender_login_mismatch *before* > permit_sasl_authenticated in your smtpd_recipient_restrictions. > -- > Offlist mail to this address is discarded unless > "/dev/rob0" or "not-spam" is in Subject: header > well, here's my actual postconf -n append_dot_mydomain = no biff = no config_directory = /etc/postfix disable_vrfy_command = yes inet_interfaces = all local_recipient_maps = local_transport = error:local mail delivery is disabled mailbox_size_limit = 1024000 mydestination = myhostname = vps198.domain.xxx mynetworks = 127.0.0.0/8 67.XXX.XX.0/24 myorigin = /etc/mailname readme_directory = no relayhost = smtpd_banner = $myhostname ESMTP $mail_name smtpd_client_restrictions = reject_unknown_sender_domain, check_client_access hash:/etc/postfix/access, permit_mynetworks, reject smtpd_data_restrictions = reject_unauth_pipelining, permit smtpd_error_sleep_time = 60 smtpd_hard_error_limit = 10 smtpd_helo_required = yes smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipients, permit_mynetworks, reject smtpd_restriction_classes = no_spam smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/blackwhitelist smtpd_soft_error_limit = 60 virtual_alias_maps = hash:/etc/postfix/virtual Now that I control all mail on this server, What would add to this configuration in order to improve the cuality of my mail service. Thanks. -- Regards; Israel Garcia
