Hi,
I have a question about using smtpd_sender_logins_map,
reject_sender_login_mismatch and check_client_access.
I set smtpd_sender_logins_map and set these rules in sender
restrictions:
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/access,
    check_client_access cidr:/etc/postfix/access_client,
    reject_sender_login_mismatch,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unauth_pipelining,
    permit
The file /etc/postfix/access_client contains the IP addresses that I
permit to pass the reject_sender_login_mismatch rule.
But I have a question about this.
In this case these ips can use my email address to send messages to me.
I don't want this to be possible. I want to permit the ips, but also I
want them to be allowed to send mail only if they do so from a specific
domain, for example @igdomain.com. So, I need to filter mail sending not
only by IPs, but by domain name at the same time - even if an IP is
permitted in /etc/postfix/access_client, it still should not be able to
send mail if the sender domain is different from @igdomain.com.
This is an example:
Let's say that we have permitted this IP in access_client: 198.236.125.7
and I have 2 domains that I manage emails for:
domain1.com
domain2.com
Let's say that we have 2 email addresses, one per domain.
[email protected]
[email protected]
The current situation with only a permitted IP address is this:
This IP connects to my mail server and sends to [email protected] or
[email protected], message from [email protected] and/or [email protected]
without requiring authentication.
It can use both e-mail addresses in MAIL FROM and it can send spam.
I want to achieve the following:
I permit this IP in the access_client file and it connects.
And we have 2 conditions:
1. If it tries to send email to [email protected] or [email protected]
using [email protected] in the MAIL FROM field, then it must be rejected,
because it is not authenticated and I don't want this IP to use my email
address to send a message to me or someone else in my system.
2. If it tries to send email to [email protected], or [email protected]
using [email protected] in the MAIL FROM field, then this should be allowed
(permitted) and in this situation it should pass
the reject_sender_login_mismatch rule and send the message successfully.
I suppose it is almost clear :)
Is it possible to realize this, and how?
Thanks in advance!
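
Added example, not part of the original post: a simplified Python model of first-match restriction evaluation, showing why an OK from check_client_access ends the list before reject_sender_login_mismatch runs, and how mapping the IP to a restriction class that runs check_sender_access followed by reject gives the behaviour asked for. The class name trusted_relay, the table /etc/postfix/trusted_senders and the sample addresses are constructed for illustration, and the model assumes every address in the two managed domains is listed in the sender login map.

```python
# Simplified model of Postfix restriction-list evaluation (not Postfix code).
import ipaddress

OWN_DOMAINS = {"domain1.com", "domain2.com"}            # domains from the post
TRUSTED_NET = ipaddress.ip_network("198.236.125.7/32")  # IP from the post
ALLOWED_SENDER_DOMAIN = "igdomain.com"                  # domain from the post

def sender_domain(mail_from):
    return mail_from.rsplit("@", 1)[-1].lower()

def reject_sender_login_mismatch(client, mail_from):
    # Unauthenticated client using an address owned by a SASL login: REJECT.
    # Assumption: all addresses in OWN_DOMAINS appear in the login map.
    return "REJECT" if sender_domain(mail_from) in OWN_DOMAINS else "DUNNO"

def client_access_ok(client, mail_from):
    # Current cidr table entry "198.236.125.7 OK": the sender is never looked at.
    return "OK" if ipaddress.ip_address(client) in TRUSTED_NET else "DUNNO"

def client_access_class(client, mail_from):
    # Proposed cidr entry "198.236.125.7 trusted_relay" with the hypothetical class
    #   smtpd_restriction_classes = trusted_relay
    #   trusted_relay = check_sender_access hash:/etc/postfix/trusted_senders, reject
    # where trusted_senders contains the line "igdomain.com OK".
    if ipaddress.ip_address(client) not in TRUSTED_NET:
        return "DUNNO"
    return "OK" if sender_domain(mail_from) == ALLOWED_SENDER_DOMAIN else "REJECT"

def evaluate(restrictions, client, mail_from):
    # The first result other than DUNNO decides; the list in the post ends in "permit".
    for check in restrictions:
        result = check(client, mail_from)
        if result != "DUNNO":
            return result
    return "OK"

CURRENT = [client_access_ok, reject_sender_login_mismatch]
PROPOSED = [client_access_class, reject_sender_login_mismatch]

if __name__ == "__main__":
    # Constructed sample senders, all arriving unauthenticated from the permitted IP.
    for sender in ("user@domain1.com", "user@igdomain.com", "user@other.example"):
        for name, rules in (("current", CURRENT), ("proposed", PROPOSED)):
            print(name, sender, evaluate(rules, "198.236.125.7", sender))
```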