On Tue, Feb 23, 2010 at 08:23:11PM -0600, Noel Jones wrote: > On 2/23/2010 7:35 PM, Ruben Safir wrote: > >On Wed, Feb 24, 2010 at 01:41:00AM +0100, Steve wrote: > >> > >>-------- Original-Nachricht -------- > >>>Datum: Tue, 23 Feb 2010 19:32:25 -0500 > >>>Von: Ruben Safir<ru...@mrbrklyn.com> > >>>An: postfix-users@postfix.org > >>>Betreff: restricting acceptence of mail users except from local network > >> > >>>How do I get postfix to reject mails "From" my own domains coming from > >>>outside the local network? > >>> > >>If all your users are authenticating when sending mails you could use > >>something like "reject_sender_login_mismatch" to reject those senders (from > >>inside or outside) that use your domains but have not authenticated. > >>
Anyway to restrict the From: header to the local domain as well as the From<whitespace> header It seems that Majordomo will accept the mail if the From: is different than the From >From mrbrk...@panix.com From: ru...@mrbrklyn.com I'd like to reject it at the mail server if either is spoofed and it is not originating from my local hosts on the internal network. Ruben > > > >smtpd_recipient_restrictions = > >permit_mynetworks,reject_unauth_destination, reject_rbl_client > >zen.spamhaus.org > > > >Will that do it? > > > >Ruben > > > > While spamhaus is likely to block the majority of spam aimed at your > server, it won't specifically reject mail claiming to be from your > domain that isn't. > > If spamhaus doesn't block "enough" of the spam, you can tell postfix > to reject mail claiming to be from unknown local sender addresses. > Set in main.cf: > smtpd_reject_unlisted_sender = yes > > or you can add a check_sender_access map to specifically reject your > domain when mail isn't local. > > # WARNING this is likely to reject "some" legit mail > # main.cf > smtpd_recipient_restrictions = > permit_mynetworks > reject_unauth_destination > check_sender_access hash:/etc/postfix/sender_access > reject_rbl_client zen.spamhaus.org > > # /etc/postfix/sender_access > example.com REJECT only for internal use > > to activate these changes you'll need to run > # postmap sender_access > # postfix reload > > -- Noel Jones -- http://www.mrbrklyn.com - Interesting Stuff http://www.nylxs.com - Leadership Development in Free Software
