Hi, I have configured SMTP-AUTH, this is maily to allow sending from outside network. as per your suggestion can i use check_sender_access?
Thanks & Regards, Ramesh --- In post...@yahoogroups.com, "MacShane, Tracy" <tracy.macsh...@...> wrote: > > > > > -----Original Message----- > > From: owner-postfix-us...@... > > [mailto:owner-postfix-us...@...] On Behalf Of itsramesh_s > > Sent: Friday, 6 February 2009 4:25 PM > > To: postfix-us...@... > > Subject: Sender-Recipient forged mail > > > > > > Hi, > > > > I have configured postfix postfix-2.4.5-2.fc8. all mail user are > > getting forged mails as sender and recipient are same. we have > > secondary mx i am sending both postconf output, > > > > Please help me to stop forged mail. > > > > Postconf -n of primary MTA > > > > smtpd_recipient_restrictions = permit_sasl_authenticated, > > permit_mynetworks, reject_unauth_pipelining, > > reject_unknown_recipient_domain, reject_non_fqdn_sender, > > reject_unauth_destination > > You could do with a whole lot more smtpd restrictions, such as > reject_non_fqdn_recipient, reject_non_fqdn_helo_hostname, > reject_invalid_helo_hostname, reject_unknown_sender_domain, > reject_unknown_reverse_client_hostname (or > reject_unknown_client_hostname, but this tends to give a lot of false > positives due to admins who can't configure DNS properly, > unfortunately). > > If all your senders are sending from hosts in mynetworks, then the > easiest method is to do "check_sender_access > hash:/etc/postfix/sender_access" after reject_unauth_destination (and > permit_mynetworks, of course), where /etc/postfix/sender_access is as > follows: > > mydomain.com REJECT Mail from our senders must come from our > hosts >
