On Fri, Aug 30, 2013 at 03:12:40PM -0400, Jean-Sébastien Nicaise wrote: > On Fri, Aug 30, 2013 at 2:44 PM, Wietse Venema > <wie...@porcupine.org> wrote: > > > Jean-S?bastien Nicaise: > > > I'm verifying the sender email (mail from:) of mails sent from > > > local users, not the recipient email (rcpt to:). > > > > In that case. > > > > /etc/postfix/main.cf: > > smtpd_reject_unlisted_sender = yes > > > > This turns on "used unknown" tests for for MAIL FROM addresses. > > This does look like what I need, although it is not working. > > Mail still goes through. > > Aug 30 15:11:15 mail01 postfix/qmgr[18491]: E05B660373: > from=<t...@yasdsdfdf.net>, size=2755, nrcpt=1 (queue active)
Yasdsdfdf.net is NXDOMAIN. You seem to be shifting the goal? If you are talking about sender domains which do not exist, simply precede your permit_sasl_authenticated restriction with reject_unknown_sender_domain. http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain And see also, in case the goal shifts back: http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_sender http://www.postfix.org/postconf.5.html#reject_unlisted_sender > Aug 30 15:11:16 mail01 postfix/smtp[18536]: E05B660373: > to=<*REMOVED*>, relay=gmail-smtp-in.l.google.com[173.194.74.27]:25, > delay=0.95, delays=0.02/0.01/0.3/0.62, dsn=2.0.0, status=sent (250 > 2.0.0 OK 1377889894 g8si4772232qam.41 - gsmtp) I'm surprised that gmail accepted this, because most sites will use reject_unknown_sender_domain or equivalent. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: