On Thu, 2008-09-11 at 08:20 -0400, Wietse Venema wrote:
> Andrea Gozzi:
> > On Tue, 2008-09-09 at 13:25 -0400, Wietse Venema wrote:
> > > Andrea Gozzi:
> > > > On Tue, 2008-09-09 at 13:03 -0400, Wietse Venema wrote:
> > > > > > 
> > > > > > 
> > > > > > It works, thanks.
> > > > > > I have one further question: how do I restrict access to postfix
> > > > > > for any user with @myfreemail.com account only from localhost
> > > > > > (where the webmail is running)?
> > > > > 
> > > > > The answer depends on how your webmail injects mail into Postfix.
> > > > > 
> > > > >       Wietse
> > > > 
> > > > Via smtpd.
> ...
> > > /etc/postfix/sender_access:
> > >     myfreemail.com        REJECT restricted to localhost only
> ...
> > The REDIRECT check can easily be bypassed by changing the MAIL FROM:,
> > so I configured the webmail to allow mail originating from the real
> > address only.
> > Unfortunately, someone might still try to connect directly to postfix
> > and fake the envelope.
> > 
> > Is there any way to enforce the localhost origin restriction after the
> > users have authenticated?
> 
> You replied above that the web application injects mail into Postfix
> via SMTP.  This means that the web application gives the MAIL FROM
> address to Postfix. Therefore the web application can reject
> addresses that have the wrong sender domain.

Yep that is in place - webmail works perfectly.
But some of the spammers are turning out to be smarter than they look
and start connecting directly to my smtp server. I need to avoid sender
spoofing or the REDIRECT won't work.

As I wrote in a previous message:

On Thu, 2008-09-11 at 14:10 +0200, Andrea Gozzi wrote:
> After some research, I thought I would be happier with
> reject_authenticated_sender_login_mismatch
> Unfortunately some users relay through my postfix server and I can't add
> every one of their other addresses to smtpd_sender_login_maps .
> Is there any way to whitelist a user in the table or (even better)
> perform the check for a certain domain only?


Andrea
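
One way to apply a sender/login match to a single domain is a Postfix policy delegation service; the decision logic below is an added example, not code from this thread or from Postfix. It assumes the SASL login name equals the full sender address and that the webmail submits from a loopback address; the sample requests are constructed.

```python
# Added example, not from the thread: decision logic for a Postfix policy
# delegation service. Domain from the question; other values are assumptions.
RESTRICTED_DOMAIN = "myfreemail.com"
LOCAL_CLIENTS = {"127.0.0.1", "::1"}   # assumed: webmail submits from loopback


def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def decide(attrs):
    """Return an access(5)-style action for one request."""
    sender = attrs.get("sender", "").strip().lower()
    if sender.rpartition("@")[2] != RESTRICTED_DOMAIN:
        return "DUNNO"                      # other domains: check not applied
    if attrs.get("client_address") in LOCAL_CLIENTS:
        return "DUNNO"                      # webmail on localhost
    login = attrs.get("sasl_username", "").strip().lower()
    if not login:
        return "REJECT restricted to localhost or authenticated owner"
    if login != sender:                     # assumption: login name == address
        return "REJECT sender address not owned by " + login
    return "DUNNO"


def respond(text):
    """Build the reply Postfix expects: action=... followed by an empty line."""
    return "action=" + decide(parse_request(text)) + "\n\n"


def sample(client, sender, login=""):
    """Constructed request for demonstration."""
    return ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
            f"client_address={client}\nsender={sender}\n"
            f"sasl_username={login}\n\n")


if __name__ == "__main__":
    print(respond(sample("203.0.113.9", "bob@myfreemail.com",
                         "alice@myfreemail.com")), end="")
```

Postfix would consult such a service through `check_policy_service` in an smtpd restriction list; `DUNNO` leaves the decision to the restrictions that follow it.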
