an...@iguanait.com a écrit :
> Hi,
>
> i'm trying to slow down and block backscater mails and i try to use:
> reject_sender_login_mismatch and smtpd_sender_login_maps.
>
> I have some questions about how to pass this restriction for some cases.
> The situation is this:
>
> We have some other servers where we have installed other webapplication
> that send mail from there using for example i...@ourdomain.com without
> authentication.
> These mails are sending to our mail server, but now we filter all these
> addresses to prevent using our addresses in MAIL FROM to send mails to
> us.
>
> How to allow these servers to pass the rule
> reject_sender_login_mismatch?
>
> We have this configuration for sernder restrictions:
>
> smtpd_sender_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> check_sender_access hash:/etc/postfix/access,
> # reject_sender_login_mismatch,
> reject_non_fqdn_sender,
> reject_unknown_sender_domain,
> reject_unauth_pipelining,
> permit
>
> i have commented out the parameter, temporary until i find out how to
> solve this problem.
>
> I added in access file this kind of entry:
> serveripaddress OK
>
> but this does not help, i got mailer-daemon mail when other server sent
> mail.
>
your access file is used for check_SENDER_access, not for
check_client_access.
the easy way is to add the IP to mynetworks. otherwise add
check_client_access cidr:/etc/postfix/access_client
before reject_sender_login_mismatch and put the IP in acces_client:
10.1.2.3/32 OK
do not postmap this, since it is a cidr map.
