On 13.05.21 12:12, Dominic Raferd wrote:
But it doesn't stop them sending from a different domain that is not
listed in my virtual_alias_domains, such as f...@gmail.com. Currently
I stop this with my own check_sender_access file (in an smtpd
restriction list applied only to auth emails) that DUNNOs my domains
and then REJECTs all others.
I feel there is (or ought to be) a way of achieving this that does not
require creating a bespoke file/entry. I see
'reject_unknown_sender_domain' but it does not match my use case, and
I cannot use 'reject_sender_login_mismatch' because some users need to
be able to send from >1 name (all @mydomain) but using 1 login. I
think I want 'reject_unlisted_sender_domain' (which does not exist).
On 13/05/2021 12:26, Matus UHLAR - fantomas wrote:
you can allow logins/senders with smtpd_sender_login_maps and after that
disable sender - only what you allow as sender will be accepted.
On 13.05.21 13:00, Dominic Raferd wrote:
Thanks but won't that have the same problem as
'reject_sender_login_mismatch'? I need to allow them to send from any
'legit' name@mydomain (not just their login name) but not from any
name@wilddomain.
Oh yes, sorry.
you can use check_sender_access and list wildcards in allowed from domains.
Note that all of these apply for (envelope) mail from:, not header From:
You probably could check headers with header_checks but that one could be
cheated e.g. using multiple From: headers or tricking From: to look like
having multiple address
And, of course, is applicable for all mail received by the same means e.g.
on submission/smtps port.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
