Am 15.03.2011 19:47, schrieb Noel Jones: > On 3/15/2011 1:06 PM, Reindl Harald wrote: >> Am 15.03.2011 18:50, schrieb Noel Jones: >> >>> Change the above to >>> smtpd_recipient_restrictions = >>> reject_non_fqdn_sender >>> reject_unknown_sender_domain >>> reject_unlisted_sender >>> permit_mynetworks >>> permit_sasl_authenticated >>> reject_unauth_destination >>> reject_unlisted_recipient >>> reject_non_fqdn_helo_name >>> >>> >>> NB: This provides some protection against bad envelope sender addresses. >>> This does NOT protect against bad From: >>> or Reply-To: headers. This does NOT protect mail submitted via the >>> sendmail(1) command. >> >> hi >> >> does this work for receiving mails from outside correct? > > The example rules apply to both authenticated/inside mail, and outside mail > from the general internet. > >> this time we are using a sql-hack in >> "reject_authenticated_sender_login_mismatch" >> to prevent that a user sends with a domain for which we would not accept >> mails >> and in case there are some alias-domains we allow even non existent senders >> if they domain matches >> >> it would be glad if "reject_unlisted_sender" in "smtpd_sender_restrictions" >> and >> "smtpd_recipient_restrictions" could replace this! > > My example rules above are basic "does the sender's domain exist?" and "if > this is my domain does the sender > exist?" tests. > > The reject_authenticated_sender_login_mismatch gives much finer control, > allowing you to define which senders a > particular authenticated user may use. > > Only you can decide if the simple tests meet your needs. > > > -- Noel Jones
thank you for your reply what i do not understand is why "reject_unlisted_sender" would not reject a mail from outside sender "reindl.har...@gmail.com" because this sender-verify is only needed for sasl-authenticated users and while receiving a legal mail from outside can not match "listed sender", if it does so all is fine but i like to understand things happening on "my" servers :-) "reject_authenticated_sender_login_mismatch" is not needed, it was the only way i found some time ago to prevent our users sending from "gmx.at" and other domains we are not owning
signature.asc
Description: OpenPGP digital signature
