On Wed, 2009-06-17 at 08:43 -0400, Jorey Bump wrote:
> Steve wrote, at 06/17/2009 05:38 AM:
> > Hi List,
> >
> > I'm currently controlling 'spoofing' (from isendm...@tomyself.null to
> > isendm...@tomyself.null) using a map;
> >
> > smtpd_sender_restrictions =
> > ..
> > check_sender_access hash:/etc/postfix/maps/spoofprotection
> >
> > This is fantastic but has one slight side effect. If I have a couple of
> > virtual domains such as;
> >
> > domain1.null
> > domain2.null
> >
> > and b...@domain1.null tries to send mail to b...@domain2.null it is
> > (rightfully) blocked.
> >
> > My poor geriatric brain is not good at logical problems :-( I'm sure the
> > answer is staring my in the face but, is there a 'workaround' for this?
>
> If possible, list it in this order:
>
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> check_sender_access hash:/etc/postfix/maps/spoofprotection
>
> This will allow authenticated users and machines from mynetworks to
> bypass the restriction. As long as your check_sender_access map is not
> being used for whitelisting, this should pose no problem.
>
Fantastic! Well done you!
