Hi,
we utilize something along these lines. And yes: the forwarding problem
needs to be addressed.
in main.cf:

smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_authenticated_sender_login_mismatch,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/check_sender_access.hash.cf,
    permit

in check_sender_access.hash.cf:

## list of exceptions
# a subdomain that sends mail for $reason, this is what you wanted?
somesubdomain.volkshilfe-ooe.at OK
# external systems that send mail to us with fake address
[email protected]
# recipients that need forwards (buggy list software from a partner)
[email protected]
...
# require auth
volkshilfe-ooe.at REJECT authentication required

The hash map is versatile enough for our use. But this method has seen
better days... 3-4 years ago this nuked like 80-90% of incoming spam.
Now it's below 5% of incoming traffic. Not sure if I would implement it
now again (was worth it when we implemented it though).
It works only if you have a small number of users that need forwarding
back to you.
Regards,
rupi
--
Rainer Ruprechtsberger
Volkshilfe Oberösterreich
IT
4020 Linz, Glimpfingerstrasse 48
Tel.: +43 732 3405 123
Mobile: +43 676 8734 1123
ZVR number: 064371505
Volkshilfe. We are there for the people.
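
Added example (not part of the original message): a simplified Python model of the access(5) lookup order that makes the exception entries above win over the domain-wide REJECT, even though a hash: table has no ordering. The two exception addresses are constructed placeholders, and the model assumes the default parent_domain_matches_subdomains setting, which includes smtpd_access_maps.

```python
# Simplified model of how Postfix resolves a sender against a
# check_sender_access hash: table. Not Postfix code; an illustration only.

ACCESS_MAP = {
    # exceptions
    "somesubdomain.volkshilfe-ooe.at": "OK",
    "partner-system@volkshilfe-ooe.at": "OK",   # constructed placeholder
    "list-member@volkshilfe-ooe.at": "OK",      # constructed placeholder
    # require auth for everything else claiming the domain
    "volkshilfe-ooe.at": "REJECT authentication required",
}


def lookup_keys(sender):
    """Yield the keys tried for a sender address, most specific first."""
    sender = sender.lower()
    local, _, domain = sender.rpartition("@")
    yield sender                          # 1. user@domain
    labels = domain.split(".")
    for i in range(len(labels)):          # 2. domain, then each parent domain
        yield ".".join(labels[i:])
    yield local + "@"                     # 3. user@


def sender_access(sender, table=ACCESS_MAP):
    """Return (matched_key, action); the first key found decides."""
    for key in lookup_keys(sender):
        if key in table:
            return key, table[key]
    # No match: the check gives no verdict and the next restriction
    # in smtpd_sender_restrictions (here: permit) is evaluated.
    return None, "DUNNO"


if __name__ == "__main__":
    for addr in (
        "someone@volkshilfe-ooe.at",            # unauthenticated forgery
        "list-member@volkshilfe-ooe.at",        # full-address exception
        "app@somesubdomain.volkshilfe-ooe.at",  # subdomain exception
        "app@other.volkshilfe-ooe.at",          # parent-domain match
        "user@example.org",                     # unrelated sender
    ):
        print(addr, "->", sender_access(addr))
```

Because the parent-domain match also covers subdomains, any subdomain that legitimately sends without authentication needs its own OK entry, as the first exception in the map does.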