On Fri, Aug 30, 2013 at 3:25 PM, /dev/rob0 <r...@gmx.co.uk> wrote: > On Fri, Aug 30, 2013 at 03:12:40PM -0400, Jean-Sébastien Nicaise > wrote: > > On Fri, Aug 30, 2013 at 2:44 PM, Wietse Venema > > <wie...@porcupine.org> wrote: > > > > > Jean-S?bastien Nicaise: > > > > I'm verifying the sender email (mail from:) of mails sent from > > > > local users, not the recipient email (rcpt to:). > > > > > > In that case. > > > > > > /etc/postfix/main.cf: > > > smtpd_reject_unlisted_sender = yes > > > > > > This turns on "used unknown" tests for for MAIL FROM addresses. > > > > This does look like what I need, although it is not working. > > > > Mail still goes through. > > > > Aug 30 15:11:15 mail01 postfix/qmgr[18491]: E05B660373: > > from=<t...@yasdsdfdf.net>, size=2755, nrcpt=1 (queue active) > > Yasdsdfdf.net is NXDOMAIN. You seem to be shifting the goal? If you > are talking about sender domains which do not exist, simply precede > your permit_sasl_authenticated restriction with > reject_unknown_sender_domain. > > http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain > > And see also, in case the goal shifts back: > > http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_sender > http://www.postfix.org/postconf.5.html#reject_unlisted_sender > > > Aug 30 15:11:16 mail01 postfix/smtp[18536]: E05B660373: > > to=<*REMOVED*>, relay=gmail-smtp-in.l.google.com[173.194.74.27]:25, > > delay=0.95, delays=0.02/0.01/0.3/0.62, dsn=2.0.0, status=sent (250 > > 2.0.0 OK 1377889894 g8si4772232qam.41 - gsmtp) > > I'm surprised that gmail accepted this, because most sites will use > reject_unknown_sender_domain or equivalent. > -- > http://rob0.nodns4.us/ -- system administration and consulting > Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: >
Those two: http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_sender http://www.postfix.org/postconf.5.html#reject_unlisted_sender don't work, as stated previously. Mail still goes through just fine. This one: http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain is half of what's I'd like to do. If the domain in NXDOMAIN, it won't let a user use that email in MAIL FROM and it will block the mail. Although, if the domain exists, the user will still be able to use that email in MAIL FROM. (the mail may bounce, depending if the user exists at the other end) I'm hoping for something simple like: user sends an email. Postfix looks at MAIL FROM. Is the email address part of $mydomain? if so, relay mail. If not, don't relay mail.
