After doing another try and looking carefully at the mail.log file I realize that after the first attempt to reject the email it finally gets delivered. https://gist.github.com/sibok/82f84dcc71bfa75deeeb
Hope someone can help. Thanks!

On Thu, Mar 27, 2014 at 6:52 PM, Pau Peris <p...@webeloping.es> wrote:

> If I try to spoof the email/sender address through Mozilla Thunderbird I get
> the same error message as the one when relaying <u...@example.com>:
> Sender address rejected: not owned by user us...@example.com; So it looks
> like the issue only exists when working locally like through the webmail
> solution.
>
> On Thu, Mar 27, 2014 at 3:37 PM, Pau Peris <p...@webeloping.es> wrote:
>
>> Hi,
>>
>> I'm really getting nuts trying to get this running.
>>
>> The current behavior is:
>> * An authenticated user can login as user f...@example.com and then send
>>   an email using from/sender address b...@example2.com
>> * When another server I have, also running a Postfix 2.11, which relays
>>   emails on the main server tries to send an email, the local user sending
>>   the email must match the from/sender address. If not, the following
>>   message appears: "Sender address rejected: not owned by user...". It looks
>>   like the desired behavior only works for relaying.
>>
>> Here's what happens when I fake a from address through telnet
>> https://gist.github.com/sibok/30d7b1085ee6eb26167c
>>
>> Here's the telnet sequence
>> https://gist.github.com/sibok/2540ad0ed0e7dde13311
>>
>> Here's master.cf just in case an edit is needed
>> https://gist.github.com/sibok/7d10c8d267170f4deb43
>>
>> I hope someone can give some bits of help.
>>
>> Thanks
>>
>> On Wed, Mar 26, 2014 at 9:22 PM, Pau Peris <p...@webeloping.es> wrote:
>>
>>> Hello again,
>>>
>>> I read carefully the explanation given by rhsoft and also went to the
>>> postconf doc page - http://www.postfix.org/postconf.5.html - to be able to
>>> understand each one of the statements I was setting up. It really looks
>>> pretty easy but I think I'm bypassing something because I'm not able to
>>> reject senders based on:
>>> * The sender/from address is not the one used to login/authenticate.
>>> * The sender/from address does not exist.
>>>
>>> I'm posting below my current Postfix setup in hope someone can help to
>>> find the error:
>>>
>>> $ postconf |grep mail_version
>>> mail_version = 2.11.0
>>>
>>> $ postconf -n
>>> https://gist.github.com/sibok/df8c8fc0d85785978c85
>>>
>>> Here's the output shown at /var/log/mail.log
>>> https://gist.github.com/sibok/8e910f54ba5b1a9ea05b
>>>
>>> I enabled MySQL SQL Query logs so that's what I see when trying to send
>>> from w...@blog.example.com to p...@example.com where example.com is a
>>> valid domain, able to receive emails, and blog.example.com is a valid
>>> CNAME which is not able to receive emails so the following address
>>> w...@blog.example.com does not exist.
>>> https://gist.github.com/sibok/ef6a417d10ddf20bd242
>>>
>>> On Tue, Mar 25, 2014 at 12:07 AM, Pau Peris <p...@webeloping.es> wrote:
>>>
>>>> Hundred thanks!! Really great help, tomorrow gonna put it all together
>>>> and solve the issue.
>>>>
>>>> Good night!
>>>>
>>>> On Mon, Mar 24, 2014 at 9:06 PM, li...@rhsoft.net <li...@rhsoft.net> wrote:
>>>>
>>>>> On 24.03.2014 20:54, Pau Peris wrote:
>>>>> > I'm wondering why are you setting the following policies under recipient restrictions
>>>>> > and not under sender restrictions? Maybe it's more efficient?
>>>>> >
>>>>> > reject_non_fqdn_sender
>>>>> > reject_unlisted_sender
>>>>> > reject_authenticated_sender_login_mismatch
>>>>>
>>>>> because with "smtpd_delay_reject" which is default for
>>>>> good reasons it does not matter and the configuration
>>>>> is easier to understand as well as specific overrides
>>>>> are better to manage
>>>>>
>>>>> > reject_non_fqdn_sender
>>>>> > reject_unlisted_sender
>>>>> > reject_authenticated_sender_login_mismatch
>>>>> >
>>>>> > Last, what do you think about reject_unverified_sender? Is it a resources drainer?
>>>>>
>>>>> it may lead to blacklisting because you always make a sending
>>>>> attempt and in case of forged senders you do that to servers
>>>>> never tried to send a message to you
>
> --
> *Pau Peris Rodriguez*
> *Chief Executive Officer (CEO)*
> Tel: 669650292
> C/Balmes 211, Principal Segunda
> Barcelona 08006
> http://www.webeloping.es
>
> This email contains confidential information addressed exclusively to
> the recipient(s) copied on it. Likewise, its disclosure, copying or
> distribution to third parties without prior written authorization from
> Pau Peris Rodriguez is prohibited. If you have received this information
> in error, please report this circumstance immediately via the sender's
> email address.
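
To find which accepted submissions slipped past the sender/login check discussed in this thread, mail.log can be correlated by queue ID. This is an added example, not part of the original thread: it assumes the standard Postfix smtpd `client=`/`sasl_username=` and qmgr `from=` log lines, a constructed sample log, and a simplified policy in which the login name must equal the envelope sender (a real deployment expresses ownership through `smtpd_sender_login_maps`).

```python
import re

# Constructed sample in Postfix syslog format (not taken from the thread's gists).
SAMPLE_LOG = """\
Mar 27 18:40:01 mx postfix/smtpd[2101]: 4A1B2C3D4E: client=client.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=foo@example.com
Mar 27 18:40:01 mx postfix/qmgr[900]: 4A1B2C3D4E: from=<bar@example2.com>, size=612, nrcpt=1 (queue active)
Mar 27 18:41:12 mx postfix/smtpd[2102]: 5B2C3D4E5F: client=localhost[127.0.0.1]
Mar 27 18:41:12 mx postfix/qmgr[900]: 5B2C3D4E5F: from=<bar@example2.com>, size=598, nrcpt=1 (queue active)
Mar 27 18:42:30 mx postfix/smtpd[2103]: 6C3D4E5F60: client=client.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=foo@example.com
Mar 27 18:42:30 mx postfix/qmgr[900]: 6C3D4E5F60: from=<foo@example.com>, size=640, nrcpt=1 (queue active)
"""

# smtpd logs the client (and SASL login, if any) once a queue ID is assigned.
SMTPD = re.compile(
    r"postfix/(?:\w+/)?smtpd\[\d+\]: (\w+): client=([^,\s]+)(?:.*sasl_username=(\S+))?"
)
# qmgr logs the envelope sender when the message becomes active.
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")


def audit(log_text):
    """Return (queue_id, client, login, sender, verdict) per accepted message."""
    sessions, findings = {}, []
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if m:
            sessions[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = QMGR.search(line)
        if m and m.group(1) in sessions:
            # pop() so a later requeue of the same message is not counted twice
            client, login = sessions.pop(m.group(1))
            sender = m.group(2).lower()
            if login is None:
                verdict = "unauthenticated"  # e.g. local webmail, no SASL login
            elif login.lower() == sender:
                verdict = "match"
            else:
                verdict = "mismatch"  # assumed policy: login must equal sender
            findings.append((m.group(1), client, login, sender, verdict))
    return findings


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(*row, sep="\t")
```

Messages flagged `unauthenticated` from a local client are the ones to compare against the order of the smtpd restriction lists, since a login-mismatch check has no login to compare for them.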