it works. is this enough to prevent forging the email ids?! thanks
On Tue, Jan 13, 2009 at 5:59 PM, Noel Jones <njo...@megan.vbhcs.org> wrote:

> bharathan kailath wrote:
>
>> i've a postfix server act as smtp out; i've allowed certain networks in
>> mynetworks; my domain example.com; my problem is
>> from the allowed networks one can send mails (e.g m...@gmail.com
>> to someb...@yahoo.com); it
>> should not have accepted mails other than one of the sender/receiver belong
>> to example.com (its own domain)
>> what could be wrong in the config? following is my config:
>>
>
> Nothing wrong in your config[1], it's just that postfix does not enforce
> which domains can be used when sending mail from authorized clients.
>
> There are several ways you can enforce such a rule. The simplest is
> probably
> smtpd_sender_restrictions =
>     check_sender_access hash:/etc/postfix/mydomains
>     reject_unauth_destination
>
> Where the mydomains table lists your local allowed domains as:
> example.com    OK
> Note this MUST be in smtpd_sender_restrictions.
>
> You can also use "reject_unlisted_sender" in the above list to insure that
> sender names in your domain really exist.
> http://www.postfix.org/postconf.5.html#reject_unlisted_sender
>
> A more sophisticated (and more complicated) setup would require all local
> users to authenticate via SASL and would map SASL usernames to the allowed
> MAIL FROM using
> http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
> http://www.postfix.org/SASL_README.html
>
> [1] be aware that rfc-ignorant is intended for a scoring system (such as
> SpamAssassin), not outright rejects. There is a strong possibility of
> rejecting legit mail when used as an SMTP RBL.
>
> --
> Noel Jones
>
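
Added example, not part of the thread or of Postfix itself: a simplified Python model of how the two-entry smtpd_sender_restrictions list quoted above reaches a decision for a sender/recipient pair. The addresses are constructed, LOCAL_DOMAINS is an assumed stand-in for the domains the server accepts mail for, and only this one restriction list is modelled.

```python
# Simplified model of the smtpd_sender_restrictions list from the quoted reply.
# Assumptions: exact-domain matching only; LOCAL_DOMAINS stands in for the
# domains Postfix treats as its own destinations; other restriction lists
# (client, recipient) are not modelled and still apply on a real server.

MYDOMAINS = {"example.com": "OK"}   # contents of hash:/etc/postfix/mydomains
LOCAL_DOMAINS = {"example.com"}     # assumed: domains this server accepts mail for


def domain_of(address):
    """Return the lower-cased domain part of an envelope address."""
    return address.rsplit("@", 1)[-1].lower()


def check_sender_access(sender, rcpt):
    # An OK result permits and ends the list; no table match falls through.
    return "PERMIT" if MYDOMAINS.get(domain_of(sender)) == "OK" else "DUNNO"


def reject_unauth_destination(sender, rcpt):
    # Rejects unless the recipient domain is one the server handles itself.
    # With the default smtpd_delay_reject = yes, sender restrictions are
    # evaluated at RCPT TO, so the recipient is known at this point.
    return "DUNNO" if domain_of(rcpt) in LOCAL_DOMAINS else "REJECT"


SENDER_RESTRICTIONS = [check_sender_access, reject_unauth_destination]


def evaluate(sender, rcpt):
    """Walk the list in order; the first PERMIT or REJECT is final."""
    for restriction in SENDER_RESTRICTIONS:
        result = restriction(sender, rcpt)
        if result != "DUNNO":
            return result
    return "PERMIT"  # end of list: this list raises no objection


if __name__ == "__main__":
    cases = [  # constructed envelope pairs
        ("user@gmail.com", "someone@yahoo.com"),        # foreign to foreign
        ("alice@example.com", "someone@yahoo.com"),     # own domain outbound
        ("user@gmail.com", "alice@example.com"),        # inbound to own domain
        ("nosuchuser@example.com", "someone@yahoo.com"),  # unverified local part
    ]
    for sender, rcpt in cases:
        print(f"{sender:26} -> {rcpt:20} {evaluate(sender, rcpt)}")
```

The last case passes because the table is keyed on the domain only; checking that the sender address exists or belongs to the submitting user is what reject_unlisted_sender and reject_sender_login_mismatch in the quoted reply are for.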