Re: Authentication in Postfix (for spam)

Sun, 27 Dec 2009 11:48:53 -0800 

Josep M. a écrit :
> Hello.
> 
> In lasts days one spammer had fun with my email address sending me
> hundresds of emails, most of them rejected by postfix anti-spam
> measures, but not all.
> 
> I will explain the spammer send from internet (without authentication):
> 
> from: websurfer at navegants.com
> to: websurfer at navegants.com
> 
> I have saslauthd running ok, and noboby can send outside the network
> without auth (except localhost), but....Do I need something for that one
> IP from internet can't   send email "from me to me" without
> authentication?
> 
> 

depends what ou mean by "from:"

if it's the From: header, then there's nothing you can do. check the
mail you posted to the list and you'll see that it has your address in
the "From:" header.

if you mean the envelope sender (MAIL FROM command), then you can do
different things. For example,

smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        check_sender_access hash:/etc/postfix/restricted_sender
        ...

== sender_reject
example.com     REJECT authentication required
.example.com    REJECT authentication required


PS. Please put the check_sender_access AFTER reject_unauth_destination.
(sorry for shouting, but it's for your safety!).


> Thanks
> Josep
> 
> 
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destination,    reject_unauth_pipelining,
> check_recipient_access        hash:/etc/postfix/recipient_checks,    
> check_helo_access hash:/etc/postfix/helo_checks,    
> check_helo_access  hash:/etc/postfix/access_helo    
> check_sender_access    hash:/etc/postfix/sender_checks.domain,      
> check_sender_access    hash:/etc/postfix/sender_checks.email,       
> check_client_access    hash:/etc/postfix/client_checks,    
> reject_unknown_sender_domain,    reject_unknown_recipient_domain,   
> reject_non_fqdn_sender ,        reject_non_fqdn_recipient,
> reject_multi_recipient_bounce,    reject_unlisted_recipient,
> reject_unverified_recipient,    permit_sasl_authenticated ,   
> check_policy_service unix:private/policy    
> check_policy_service inet:127.0.0.1:60000     
> check_sender_access hash:/etc/postfix/verify_domain    
> check_recipient_access hash:/etc/postfix/verify_user    
> permit
> 
> 
> 
>

Reply via email to