From: Wietse Venema on
Jonathan Tripathy:
[The backup MX host accepts mail from forged local sender
addresses, but the backup MX does not support SASL].

> > Actually, the MAILER-DAEMON message doesn't get queued at all! It just
> > discards it when it can't find the user (If the from address was
> > NOTarealaddress(a)mydomain.com). So I guess it's all good...
>
> Oops I'm confusing myself here. The above is true if the spoofed from
> address was from my domain, but the user didn't exist. If the user is
> real, then that user gets the MAILER-DAEMON message.

a) Don't use a backup MX host. Really.

b) Don't accept mail "from your domain" on the backup MX host.

/etc/postfix/main.cf:
    smtpd_sender_restrictions =
        check_sender_access hash:/etc/postfix/sender_access

/etc/postfix/sender_access:
    example.com reject

Or the equivalent if the machine does not run Postfix.

Wietse
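
Added example, not part of the original post and not Postfix code: a simplified Python model of the access(5) lookup order that check_sender_access applies to the envelope sender (MAIL FROM), showing which senders the one-line table above rejects. The function names and sample senders are constructed; subdomain matching assumes the default parent_domain_matches_subdomains setting, which lists smtpd_access_maps.

```python
# Simplified model of the access(5) key order used by check_sender_access.
# It looks at the envelope sender only; the From: header is never consulted.

# Constructed table mirroring /etc/postfix/sender_access from the post.
SENDER_ACCESS = {"example.com": "reject"}


def lookup_keys(sender, parent_matches_subdomains=True):
    """Return the table keys tried for one envelope sender, in order."""
    sender = sender.strip().strip("<>").lower()   # keys are folded to lowercase
    if not sender:
        return ["<>"]        # null sender: smtpd_null_access_lookup_key default
    if "@" not in sender:
        return [sender]      # bare local parts are not modelled further
    local, domain = sender.rsplit("@", 1)
    keys = [sender, domain]  # user@domain first, then domain.tld
    labels = domain.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        # Default: a bare parent domain also matches its subdomains.
        # Otherwise only the ".domain.tld" form matches subdomains.
        keys.append(parent if parent_matches_subdomains else "." + parent)
    keys.append(local + "@")  # user@ is tried last
    return keys


def sender_action(sender, table=SENDER_ACCESS, parent_matches_subdomains=True):
    """Return the first matching action, or None when nothing matches."""
    for key in lookup_keys(sender, parent_matches_subdomains):
        if key in table:
            return table[key]
    return None


if __name__ == "__main__":
    # Constructed envelope senders as a backup MX might see them.
    samples = ["NOTarealaddress@example.com", "Bob@Mail.Example.COM",
               "alice@example.org", "<>"]
    for s in samples:
        print(f"{s!r:32} -> {sender_action(s)}")
```

The null sender used by MAILER-DAEMON bounces does not match the example.com entry, so this table leaves bounce delivery untouched.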

From: Jonathan Tripathy on


On 21/02/2010 22:17, Wietse Venema wrote:
> Jonathan Tripathy:
> [The backup MX host accepts mail from forged local sender
> addresses, but the backup MX does not support SASL].
>
>
>>> Actually, the MAILER-DAEMON message doesn't get queued at all! It just
>>> discards it when it can't find the user (If the from address was
>>> NOTarealaddress(a)mydomain.com). So I guess it's all good...
>>>
>> Oops I'm confusing myself here. The above is true if the spoofed from
>> address was from my domain, but the user didn't exist. If the user is
>> real, then that user gets the MAILER-DAEMON message.
>>
> a) Don't use a backup MX host. Really.
>
> b) Don't accept mail "from your domain" on the backup MX host.
>
> /etc/postfix/main.cf:
>     smtpd_sender_restrictions =
>         check_sender_access hash:/etc/postfix/sender_access
>
> /etc/postfix/sender_access:
>     example.com reject
>
> Or the equivalent if the machine does not run Postfix.
>
> Wietse
>

Hi Wietse,

Just wanted to say thank you - you've been a great help this evening!

Why not use a backup MX host?

But point b fixes my problem anyways.

Thanks