From: Wojtek Bogusz on
hi, could you please help me to understand whether this is possible with
postfix configuration:

i have postfix installed on the gateway computer and also on the
internal mail server.
the internal mail server accepts emails only from LAN addresses and does
not require authentication from users to send email using local address
in 'from' field.
gateway does require authentication and is using SASL and TLS and
accepts email also from outside LAN.

my problem is that there is lots of spam delivered using local address
both in 'to' and 'from' fields. i can use
"reject_unauthenticated_sender_login_mismatch" in main.cf on the gateway
as in:

smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/sender_access,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unauthenticated_sender_login_mismatch

but then all the emails from internal email server are being rejected,
as they come not authenticated.

is there any setting that would make postfix allow sending messages with
local address as 'from' on connections from LAN IP and request
authentication on all emails coming from outside IP when using local
address in 'from' field?

i am not sure i managed to explain myself well. please let me know.
cheers, Wojtek

From: Noel Jones on
On 7/12/2010 8:59 AM, Wojtek Bogusz wrote:
> hi, could you please help me to understand whether this is possible with
> postfix configuration:
>
> i have postfix installed on the gateway computer and also on the
> internal mail server.
> the internal mail server accepts emails only from LAN addresses and does
> not require authentication from users to send email using local address
> in 'from' field.
> gateway does require authentication and is using SASL and TLS and
> accepts email also from outside LAN.
>
> my problem is that there is lots of spam delivered using local address
> both in 'to' and 'from' fields. i can use
> "reject_unauthenticated_sender_login_mismatch" in main.cf on the gateway
> as in:
>
> smtpd_sender_restrictions = check_sender_access
> hash:/etc/postfix/sender_access, reject_non_fqdn_sender,
> reject_unknown_sender_domain, reject_unauthenticated_sender_login_mismatch
>
> but then all the emails from internal email server are being rejected,
> as they come not authenticated.
>
> is there any setting that would make postfix allow sending messages with
> local address as 'from' on connections from LAN IP and request
> authentication on all emails coming from outside IP when using local
> address in 'from' field?
>
> i am not sure i managed to explain myself well. please let me know.
> cheers, Wojtek
>

Use "permit_mynetworks" before
"reject_unauthenticated_sender_login_mismatch"

-- Noel Jones
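
The ordering suggested in the reply above, written out as a main.cf fragment for the gateway. This is an added example, not configuration posted by either participant; the mynetworks value and the smtpd_sender_login_maps path are constructed placeholders.

```conf
# /etc/postfix/main.cf on the gateway (added example).

# Constructed value: list only the internal mail server / LAN ranges that may
# submit mail without SASL. Every client matched here skips the
# login-mismatch check further down.
mynetworks = 127.0.0.0/8, 192.168.1.0/24

# Constructed path: maps each local sender address to the SASL login that
# owns it. reject_unauthenticated_sender_login_mismatch only acts on sender
# addresses that have an owner in this table.
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps

# Before (from the original post): the internal server connects without
# SASL, so its mail carrying a local 'from' address is rejected.
#smtpd_sender_restrictions =
#    check_sender_access hash:/etc/postfix/sender_access,
#    reject_non_fqdn_sender,
#    reject_unknown_sender_domain,
#    reject_unauthenticated_sender_login_mismatch

# After: restrictions are evaluated left to right and the first one that
# returns OK or REJECT ends the list. LAN clients get OK from
# permit_mynetworks before the mismatch check runs; clients outside
# mynetworks fall through to it and must authenticate to use a local
# sender address. The three earlier checks still apply to LAN clients.
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/sender_access,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit_mynetworks,
    reject_unauthenticated_sender_login_mismatch
```

The OK from permit_mynetworks ends only this sender restriction list; the gateway's other smtpd restriction lists are still evaluated for LAN clients. Run `postfix check` and `postfix reload` after editing, and confirm the active value with `postconf smtpd_sender_restrictions`.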

From: Wojtek Bogusz on
thank you Noel. so simple :-) and it works. regards, Wojtek

Noel Jones wrote:
> On 7/12/2010 8:59 AM, Wojtek Bogusz wrote:
>> hi, could you please help me to understand whether this is possible with
>> postfix configuration:
>>
>> i have postfix installed on the gateway computer and also on the
>> internal mail server.
>> the internal mail server accepts emails only from LAN addresses and does
>> not require authentication from users to send email using local address
>> in 'from' field.
>> gateway does require authentication and is using SASL and TLS and
>> accepts email also from outside LAN.
>>
>> my problem is that there is lots of spam delivered using local address
>> both in 'to' and 'from' fields. i can use
>> "reject_unauthenticated_sender_login_mismatch" in main.cf on the gateway
>> as in:
>>
>> smtpd_sender_restrictions = check_sender_access
>> hash:/etc/postfix/sender_access, reject_non_fqdn_sender,
>> reject_unknown_sender_domain,
>> reject_unauthenticated_sender_login_mismatch
>>
>> but then all the emails from internal email server are being rejected,
>> as they come not authenticated.
>>
>> is there any setting that would make postfix allow sending messages with
>> local address as 'from' on connections from LAN IP and request
>> authentication on all emails coming from outside IP when using local
>> address in 'from' field?
>>
>> i am not sure i managed to explain myself well. please let me know.
>> cheers, Wojtek
>>
>
> Use "permit_mynetworks" before
> "reject_unauthenticated_sender_login_mismatch"
>
> -- Noel Jones