Hi, I'm really getting nuts trying to get this running.
The current behavior is:

* An authenticated user can login as user f...@example.com and then send an email using from/sender address b...@example2.com
* When another server I have, also running a Postfix 2.11, which relays emails on the main server tries to send an email, the local user sending the email must match the from/sender address. If not, the following message appears: "Sender address rejected: not owned by user...".

It looks like the desired behavior only works for relaying.

Here's what happens when I fake a from address through telnet
https://gist.github.com/sibok/30d7b1085ee6eb26167c

Here's the telnet sequence
https://gist.github.com/sibok/2540ad0ed0e7dde13311

Here's master.cf just in case an edit is needed
https://gist.github.com/sibok/7d10c8d267170f4deb43

I hope someone can give some bits of help.

Thanks

On Wed, Mar 26, 2014 at 9:22 PM, Pau Peris <p...@webeloping.es> wrote:
>
> Hello again,
>
> I read carefully the explanation given by rhsoft and also went to postconf
> doc page - http://www.postfix.org/postconf.5.html - to be able to
> understand each one of the statements I was setting up. It really looks
> pretty easy but I think I'm bypassing something because I'm not able to
> reject senders based on:
> * The sender/from address is not the one used to login/authenticate.
> * The sender/from address does not exist.
>
> I'm posting below my current Postfix setup in hope someone can help to
> find the error:
>
> $ postconf |grep mail_version
> mail_version = 2.11.0
>
> $ postconf -n
> https://gist.github.com/sibok/df8c8fc0d85785978c85
>
>
> Here's the output shown at /var/log/mail.log
> https://gist.github.com/sibok/8e910f54ba5b1a9ea05b
>
> I enabled MySQL SQL Query logs so that's what I saw when trying to send
> from w...@blog.example.com to p...@example.com where example.com is a valid
> domain, able to receive emails, and blog.example.com is a valid CNAME
> which is not able to receive emails so the following address
> w...@blog.example.com does not exist.
> https://gist.github.com/sibok/ef6a417d10ddf20bd242
>
>
> On Tue, Mar 25, 2014 at 12:07 AM, Pau Peris <p...@webeloping.es> wrote:
>
>> Hundred thanks!! Really great help, tomorrow gonna put it all together
>> and solve the issue.
>>
>> Good night!
>>
>>
>> On Mon, Mar 24, 2014 at 9:06 PM, li...@rhsoft.net <li...@rhsoft.net> wrote:
>>
>>>
>>>
>>> On 24.03.2014 20:54, Pau Peris wrote:
>>> > I'm wondering why are you setting the following policies under recipient restrictions
>>> > and not under sender restrictions? Maybe it's more efficient?
>>> >
>>> > reject_non_fqdn_sender
>>> > reject_unlisted_sender
>>> > reject_authenticated_sender_login_mismatch
>>>
>>> because with "smtpd_delay_reject" which is default for
>>> good reasons it does not matter and the configuration
>>> is easier to understand as well as specific overrides
>>> are better to manage
>>>
>>> > reject_non_fqdn_sender
>>> > reject_unlisted_sender
>>> > reject_authenticated_sender_login_mismatch
>>> >
>>> > Last, what do you think about reject_unverified_sender? Is it a resources drainer?
>>>
>>> it may lead to blacklisting because you always make a sending
>>> attempt and in case of forged senders you do that to servers
>>> that never tried to send a message to you
>>
>>
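
A simplified model of how Postfix evaluates the sender-ownership restrictions named in this thread, showing why their position relative to `permit_sasl_authenticated` decides the outcome. It is an added example, not code from any poster or from Postfix itself; the lookup table, the addresses and the `evaluate` helper are constructed for illustration.

```python
# Simplified model of Postfix's sender/login ownership restrictions.
# Constructed stand-in for the smtpd_sender_login_maps table:
# envelope sender (MAIL FROM) -> SASL logins allowed to use it.
SENDER_LOGIN_MAP = {
    "alice@example.com": {"alice@example.com"},
    "sales@example.com": {"alice@example.com", "bob@example.com"},
}


def auth_mismatch(mail_from, sasl_login, owners_map):
    """Authenticated client: the login must be a listed owner of MAIL FROM."""
    if sasl_login is not None and sasl_login not in owners_map.get(mail_from, ()):
        return "reject: not owned by user " + sasl_login
    return None


def unauth_mismatch(mail_from, sasl_login, owners_map):
    """Unauthenticated client: MAIL FROM must not be an address with an owner."""
    if sasl_login is None and owners_map.get(mail_from):
        return "reject: not logged in"
    return None


def evaluate(restrictions, mail_from, sasl_login, owners_map=SENDER_LOGIN_MAP):
    """Walk one restriction list in order; the first decisive result wins."""
    for name in restrictions:
        verdict = None
        if name == "permit_sasl_authenticated":
            verdict = "permit" if sasl_login is not None else None
        elif name == "reject_authenticated_sender_login_mismatch":
            verdict = auth_mismatch(mail_from, sasl_login, owners_map)
        elif name == "reject_unauthenticated_sender_login_mismatch":
            verdict = unauth_mismatch(mail_from, sasl_login, owners_map)
        elif name == "reject_sender_login_mismatch":
            verdict = (auth_mismatch(mail_from, sasl_login, owners_map)
                       or unauth_mismatch(mail_from, sasl_login, owners_map))
        else:
            raise ValueError("restriction not modelled: " + name)
        if verdict:
            return verdict
    return "dunno"  # nothing decided here; later checks would run


if __name__ == "__main__":
    strict = ["reject_authenticated_sender_login_mismatch", "permit_sasl_authenticated"]
    loose = list(reversed(strict))
    for order in (strict, loose):
        print(order, "->", evaluate(order, "sales@example.com", "carol@example.com"))
```

The checks look only at the envelope MAIL FROM address, and an authenticated login is rejected for any address that has no matching owner entry in the table, including addresses the table does not list at all.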