From: Ruben Safir on
How do I get postfix to reject mails "From" my own domains coming from
outside the local network?

Ruben

--
http://www.mrbrklyn.com - Interesting Stuff
http://www.nylxs.com - Leadership Development in Free Software
"> I'm an engineer. I choose the best tool for the job, politics be damned.<
You must be a stupid engineer then, because politics and technology have been attached at the hip since the 1st dynasty in Ancient Egypt. I guess you missed that one."

From: "Steve" on

-------- Original Message --------
> Date: Tue, 23 Feb 2010 19:32:25 -0500
> From: Ruben Safir <ruben(a)mrbrklyn.com>
> To: postfix-users(a)postfix.org
> Subject: restricting acceptance of mail users except from local network

> How do I get postfix to reject mails "From" my own domains coming from
> outside the local network?
>
If all your users are authenticating when sending mails you could use something like "reject_sender_login_mismatch" to reject those senders (from inside or outside) that use your domains but have not authenticated.


From: Ruben Safir on
On Wed, Feb 24, 2010 at 01:41:00AM +0100, Steve wrote:
>
> -------- Original Message --------
> > Date: Tue, 23 Feb 2010 19:32:25 -0500
> > From: Ruben Safir <ruben(a)mrbrklyn.com>
> > To: postfix-users(a)postfix.org
> > Subject: restricting acceptance of mail users except from local network
>
> > How do I get postfix to reject mails "From" my own domains coming from
> > outside the local network?
> >
> If all your users are authenticating when sending mails you could use something like "reject_sender_login_mismatch" to reject those senders (from inside or outside) that use your domains but have not authenticated.
>

I don't want them to authenticate. I want the mailserver to just know
that my domain doesn't exist in Taiwan.

Ruben



--
http://www.mrbrklyn.com - Interesting Stuff
http://www.nylxs.com - Leadership Development in Free Software

So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998

http://fairuse.nylxs.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002

"Yeah - I write Free Software...so SUE ME"

"The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society."

© Copyright for the Digital Millennium

From: Ruben Safir on
On Wed, Feb 24, 2010 at 01:41:00AM +0100, Steve wrote:
>
> -------- Original Message --------
> > Date: Tue, 23 Feb 2010 19:32:25 -0500
> > From: Ruben Safir <ruben(a)mrbrklyn.com>
> > To: postfix-users(a)postfix.org
> > Subject: restricting acceptance of mail users except from local network
>
> > How do I get postfix to reject mails "From" my own domains coming from
> > outside the local network?
> >
> If all your users are authenticating when sending mails you could use something like "reject_sender_login_mismatch" to reject those senders (from inside or outside) that use your domains but have not authenticated.
>

smtpd_recipient_restrictions =
    permit_mynetworks, reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org

Will that do it?

Ruben

From: Noel Jones on
On 2/23/2010 7:35 PM, Ruben Safir wrote:
> On Wed, Feb 24, 2010 at 01:41:00AM +0100, Steve wrote:
>>
>> -------- Original Message --------
>>> Date: Tue, 23 Feb 2010 19:32:25 -0500
>>> From: Ruben Safir <ruben(a)mrbrklyn.com>
>>> To: postfix-users(a)postfix.org
>>> Subject: restricting acceptance of mail users except from local network
>>
>>> How do I get postfix to reject mails "From" my own domains coming from
>>> outside the local network?
>>>
>> If all your users are authenticating when sending mails you could use something like "reject_sender_login_mismatch" to reject those senders (from inside or outside) that use your domains but have not authenticated.
>>
>
> smtpd_recipient_restrictions =
>     permit_mynetworks, reject_unauth_destination,
>     reject_rbl_client zen.spamhaus.org
>
> Will that do it?
>
> Ruben
>

While spamhaus is likely to block the majority of spam aimed
at your server, it won't specifically reject mail claiming to
be from your domain that isn't.

If spamhaus doesn't block "enough" of the spam, you can tell
postfix to reject mail claiming to be from unknown local
sender addresses. Set in main.cf:
smtpd_reject_unlisted_sender = yes

or you can add a check_sender_access map to specifically
reject your domain when mail isn't local.

# WARNING this is likely to reject "some" legit mail
# main.cf
smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    check_sender_access hash:/etc/postfix/sender_access
    reject_rbl_client zen.spamhaus.org

# /etc/postfix/sender_access
example.com    REJECT only for internal use

to activate these changes you'll need to run
# postmap /etc/postfix/sender_access
# postfix reload

-- Noel Jones
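
Added example (not part of the thread and not Postfix code): a simplified Python model of how the restriction list above is walked in order, showing why permit_mynetworks must come before check_sender_access and why the map also rejects legitimate own-domain mail that arrives from outside. The networks, addresses and function names are constructed for illustration; subdomain matching and the DNSBL lookup are omitted.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
LOCAL_DOMAINS = {"example.com"}  # domains this server accepts mail for
SENDER_ACCESS = {"example.com": "REJECT only for internal use"}


def sender_lookup_keys(sender):
    """Keys tried for an envelope sender in an access(5) table, in order:
    full address, then the domain, then 'localpart@'."""
    sender = sender.lower()
    local, _, domain = sender.rpartition("@")
    return [sender, domain, local + "@"]


def evaluate(client_ip, sender, recipient):
    """Walk the restrictions in order; the first decisive result wins."""
    ip = ipaddress.ip_address(client_ip)

    # permit_mynetworks: local clients are accepted before the sender
    # map is ever consulted, so internal users may use the domain.
    if any(ip in net for net in MYNETWORKS):
        return "PERMIT permit_mynetworks"

    # reject_unauth_destination: outside clients may not relay.
    if recipient.rpartition("@")[2].lower() not in LOCAL_DOMAINS:
        return "REJECT relay access denied"

    # check_sender_access: only reached by clients outside mynetworks.
    for key in sender_lookup_keys(sender):
        if key in SENDER_ACCESS:
            return SENDER_ACCESS[key]

    # reject_rbl_client zen.spamhaus.org would run here (DNS lookup omitted).
    return "PERMIT default"


if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "alice@example.com", "bob@example.com"),   # internal user
        ("203.0.113.5", "alice@example.com", "bob@example.com"),  # forged sender
        ("203.0.113.9", "alice@example.com", "bob@example.com"),  # alice roaming
        ("203.0.113.5", "carol@example.org", "bob@example.com"),  # normal inbound
    ]
    for case in cases:
        print(case, "->", evaluate(*case))
```

The second and third cases get the same verdict: the map sees only the envelope sender and the client address, so a real user sending from outside mynetworks is rejected exactly like a forgery.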