On Tue, Feb 23, 2010 at 08:32:57PM -0700, LuKreme wrote: > On 23-Feb-10 17:32, Ruben Safir wrote: > >How do I get postfix to reject mails "From" my own domains coming from > >outside the local network? > > This is a FAQ, and a complicated one. > > Are you trying to just block any email that is from > u...@yourdomain.tld and to u...@yourdomain.tld? If so, the easiest > way, and the most sensible is to have users authenticate and then > reject unauthenticated local users. > > You could also just take a sledgehammer and forbid anyone outside > sending mail 'from' a local user, but unless you are absolutely > positive that no one will even want to send mail to themselves > (something i do daily for example) you are just going to piss people > off. > > You can set up SPF for yourself and enforce it, but again, this is > going to annoy your road warrior who is forced to use a 3rd party > server to send out mail (since many ISPs block port 25). > > Really, the best solution is to tell your users to use port 587 and > make them authenticate. Works for everyone.
This is getting philophical and I just don't care. Mail From our domain has to originate from OUR domain. No exceptions. They can ssh in an use mutt, or use the VPN. Ruben -- http://www.mrbrklyn.com - Interesting Stuff http://www.nylxs.com - Leadership Development in Free Software So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://fairuse.nylxs.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 "Yeah - I write Free Software...so SUE ME" "The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society." "> I'm an engineer. I choose the best tool for the job, politics be damned.< You must be a stupid engineer then, because politcs and technology have been attached at the hip since the 1st dynasty in Ancient Egypt. I guess you missed that one." © Copyright for the Digital Millennium
