On these days where theft of credentials of legitimate e-mail server users in order to send spam checking the MAIL FROM: using smtpd_reject_unlisted_sender would be a helping Postfix feature.
Perhaps it is a misunderstanding from my side about the actual meaning of parameter smtpd_reject_unlisted_sender but if "smtpd_reject_unlisted_sender = yes" is present on main.cf... How is it possible for an user to send an mail from an unknown sender addresses neither listed in virtual nor canonical? The user is connecting to the smtp server and authenticates itself correctly but he's sending e-mails from an absolutely alien e-mail address (both user and domain part of the e-mail address) If the authenticated user tries to send e-mail from a non-existent e-mail address (user part) of a local domain the e-mail is rejected but if he/she uses a non-existent e-mail address of an alien domain the e-mail message is accepted by smtpd server. Shouldn't ALL those mails be rejected by smtpd? -- Bernardo Pons
