Perhaps I have expressed it wrong.

Many of our users use aliases as FROM, office scanners, scripts, etc. I
have implemented this solution in our legacy systems. Limiting to a domain
had a lower impact. Most leaked SMTP credentials use spoofed senders
(telekom.de, gmail.com, etc.). This blocked ~95% of our outbound spam. Still
fine-tuning it.

Now I'm not 100% Postfix'ish, but searching the web gave me no cheap
solution for how to implement it in Postfix.



> > > I don't know how to do that but I wonder why you want to.  The whole
> > > point of authentication is to allow your users to get email without
> > > having to trust the system they are coming in from.  If you trust
> > > the domain then just add it to mynetworks and don't bother with
> > > authentication.  I suggest authentication though so that your users
> > > can get their email no matter where they are.  People are mobile.
> >
> > Whoa, whoa, whoa. The original poster was asking about sending email.
> > You're talking about getting email which is the role of an IMAP or
>
> My mistake but "get" to "send" and that's what I meant to say.
> Authenticating before sending is the best protection.  Of course, you
> trust that the user's account hasn't been compromised but that's always
> an issue anyway.
>
> > POP server such as Dovecot, not Postfix. Besides that, mynetworks
> > defines trusted IP addresses, not domains.
>
> Sure.  I was using shorthand here but yes I should have said "...add
> the sender's IP address to mynetworks..."  I would think that he wanted
> to guarantee that an email claiming to be from a particular domain is
> really coming from there anyway.
>
> --
> D'Arcy J.M. Cain
> System Administrator, Vex.Net
> http://www.Vex.Net/ IM:da...@vex.net
> VoIP: sip:da...@vex.net
>



-- 
V.
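
The restriction discussed in this message (authenticated clients may use any alias as sender, but only within the site's own domains) can be expressed as a Postfix policy delegation service. The sketch below is an added example, not part of the original message and not the poster's implementation. It assumes the script is hooked in through `check_policy_service`, and `ALLOWED_DOMAINS` holds constructed sample values.

```python
import sys

# Constructed sample values: domains authenticated users may send from.
ALLOWED_DOMAINS = {"example.com", "example.org"}


def parse_request(lines):
    """Parse one policy request: name=value lines up to an empty line."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs, allowed=ALLOWED_DOMAINS):
    """Return the access action for one MAIL FROM of a client."""
    if not attrs.get("sasl_username"):
        return "DUNNO"  # not authenticated: leave it to the other restrictions
    sender = attrs.get("sender", "")
    if not sender:
        return "DUNNO"  # null sender (e.g. read receipts): handle separately
    domain = sender.rpartition("@")[2].lower().rstrip(".")
    if domain in allowed:
        return "DUNNO"  # aliases, scanners and scripts within our domains pass
    return "REJECT Sender domain not permitted for authenticated users"


def serve(stdin, stdout):
    """Answer requests until Postfix closes the connection."""
    request = []
    for line in stdin:
        if line.strip():
            request.append(line)
            continue
        stdout.write("action=%s\n\n" % decide(parse_request(request)))
        stdout.flush()
        request = []


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```

Returning `DUNNO` rather than `OK` for permitted senders keeps any later restrictions in effect.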
