Hi,
I'm running postfix as a virtual mail server and I have the following
issue,
relay control is working fine with pop-before-smtp, but still get spam passing
through because when a spammer puts the "From" header with any of my
virtual domains and a "Rcpt" also is on the virtual domains no authentication
is required because pop-before-smtp only authenticates for relay.
So the question is, is it possible to condition the smtp access to deny
access when the destination is local and the user is local and the client agent
IP is not in pop-before-smtp database ?
in summary my rules should do this:
-Deny access on relay attempt (recipient is remote) and the smtp client
IP is not in the pop-before-smtp database . (I got this working)
-Deny access on non-relay attempts (deliver to local) and the from
header
is also local and the smtp client IP is not in the pop-before-smtp database
(no idea how to do this)
-Apply antispam rbl checks (this also working right now)
these are my current restrictions:
smtpd_recipient_restrictions = permit_mynetworks,
check_client_access hash:/etc/postfix/pop-before-smtp,
reject_authenticated_sender_login_mismatch,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unauth_pipelining,
check_recipient_maps,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client list.dsbl.org,
reject_rhsbl_client sbl-xbl.spamhaus.org,
reject_rhsbl_client bl.spamcop.net,
reject_rhsbl_client list.dsbl.org,
reject_rhsbl_sender sbl-xbl.spamhaus.org,
reject_rhsbl_sender bl.spamcop.net,
reject_rhsbl_sender list.dsbl.org,
permit_auth_destination,
reject
