Thanks Brian, looks like a positive answer.. I will respond to the list to Clunk as his caveats may have an affect on my configuration..
Wanted to thank you directly since its a good solution (and education on postfix etiquette :) Cheers Nick > -----Original Message----- > From: owner-postfix-us...@postfix.org [mailto:owner-postfix- > us...@postfix.org] On Behalf Of Brian Evans - Postfix List > Sent: Wednesday, July 29, 2009 11:06 PM > To: Postfix users > Subject: Re: Stop spammers sending us spam from users in our domain... > > Nick Sharp wrote: > > Hi all, > > > > I am new to this list, so forgive me if I am not up with your current > level > > of etiquette, I do tune in pretty quickly.. so starting with a long > email.. > > > > Welcome to the list. > Unfortunately, you seem to have missed the important line in the > Welcome > Message: > "TO REPORT A PROBLEM SEE: > http://www.postfix.org/DEBUG_README.html#mail"; > > I'll muddle through, but without 'postconf -n', I can only guess. > > Been trying to stop people sending email to us setting FROM as a user > in our > > domains. Seems basic enough spam limitation. > > > > It seems if I configure reject_unauthenticated_sender_login_mismatch > in > > smtp_sender_restrictions all email gets rejected (with my config > below) > > (even to $virtual_mailbox_domains) _if_ not in $mynetworks (no auth > needed - > > seems ok) or if the client is not sasl auth'd (smtp ok again in this > > situation) > > > > Using a jack-hammer won't let you drive a nail. > A simpler solution is: > smtpd_recipient_restrictions = permit_mynetworks, > permit_sasl_authenticated, reject_unauth_destination, > check_sender_access hash:/path/to/file > > /path/to/file: > #Using example.com as your domain here > #This can be a mysql map if you like. It is hash to show simplicity. > #You may customize the REJECT message as you see fit of course. See > 'man 5 access' > example.com REJECT We do not accept sending from ourselves without > authentication > .example.com REJECT We do not accept sending from ourselves without > authentication > #covering both cases since you did not show postconf -n.. > > Please understand that Postfix checks envelope senders this way. > Header > From is a bad measure in many cases to block. > > Brian
