On 06/15/2014 11:11 PM, li...@rhsoft.net wrote:
what you describe is*the minimum* requirement of a sane MTA
you must not allow senders you would not accept incoming messages
and no - there are no exceptions for whatever user
I am not sure you understand it but there is little doubt we are talking
about the same thing or not.
The postix server is allowing for now to relay any email by from any
email if the user is locally authenticated.
Others are just blocked.
A local user can send as itself... and as otherusern...@google.com.
Other servers might not like it and will enforce SPF the same way this
server uses it.
I want to force only on authenticated users (since there are other
automated systems that rely on the service) a rule that will force them
to only use the local domains in the "From:" header of the mail body.
For now I enforce rate limiting and other means of enforcement on the
service usage to prevent and detect abnormal usage and abuse of the
local network SMTP relay service.(which works so good that people who
abuse it are stuck in one sec to more then 24 hours no matter if they
scream shout or anything else...)
For now the users and authenticate and send a mail as "u...@google.com"
or "u...@hotmail.com" since the SPF rules of these providers allow a
SOFT SPF enforcement.
I would like to harden the service one level up and not allow this
unless strictly allowed by the admin of the service not related to SPF.
Thanks,
Eliezer
