Sender Authentication
in [Postfix]
|
From: Jeroen Geilman on 11 Jun 2010 20:38 On 06/12/2010 02:08 AM, Walter Pinto wrote: > I'm looking for information on restricting users who send mail through > our MX servers to authenticated users only, we currently use > SASL2/MySQL to store valid user info, I'll try to include as much info > as possible. > > The reason I ask is because it seems that as long as the domain is > found in the recipient map, it allows unauthenticated sessions to send > mail, see below. You're not showing any recipient_maps. Anything could be in there. Are you seriously asking how to run a mail server that CANNOT receive mail unless people authenticate ? Hint: your own domains should be in some sort of recipient map, too. Unless you want to leave your mail server unable to receive mail, you normally allow mail to be sent TO your own domains FROM anywhere. J.
From: Thomas Polliard on 12 Jun 2010 03:20 > > I'm pretty sure I already know the answer , just need confirmation. > > Is this statement true or false? You cannot restrict sending mail to authenticated sessions without also restricting incoming mail as well. > > False
From: Thomas Polliard on 12 Jun 2010 03:22 On Jun 12, 2010, at 3:20 AM, Thomas Polliard wrote: >> >> I'm pretty sure I already know the answer , just need confirmation. >> >> Is this statement true or false? You cannot restrict sending mail to authenticated sessions without also restricting incoming mail as well. >> >> > > False False unless you dont want mail for your domain(s) at all. When a user wants to send mail to a domain NOT hosted by your mail server then you want them to authenticate to ensure that you are not an open relay, but incoming mail need not be restricted except to make sure that you are the MX for the domains. Make sense? Thomas
From: Walter Pinto on 12 Jun 2010 17:07 Thomas, That makes sense thanks. What you described is the goal I'm trying to achieve. On Sat, Jun 12, 2010 at 12:22 AM, Thomas Polliard <polliard(a)me.com> wrote: > > On Jun 12, 2010, at 3:20 AM, Thomas Polliard wrote: > > > I'm pretty sure I already know the answer , just need confirmation. > > Is this statement true or false? You cannot restrict sending mail to > authenticated sessions without also restricting incoming mail as well. > > > > False > > > > False unless you dont want mail for your domain(s) at all. > > When a user wants to send mail to a domain NOT hosted by your mail server > then you want them to authenticate to ensure that you are not an open relay, > but incoming mail need not be restricted except to make sure that you are > the MX for the domains. > > Make sense? > > Thomas > -- Walter Pinto System Support / Administrator support(a)amhosting.com www.amhosting.com 4690 Longley Lane, Suite 34 Reno, NV 89502 775.331.3319 866.425.2035
From: Sahil Tandon on 12 Jun 2010 18:17 On Sat, 12 Jun 2010, Walter Pinto wrote: > Troubleshooting what seems to be mail being sent FROM our own domains > *without authentication* TO anywhere. One option: http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch -- Sahil Tandon <sahil(a)FreeBSD.org>
|
Next
|
Last
Pages: 1 2 Prev: upstart and postfix ? Next: Strange problem : email refused during the night ??? |