On 9/28/2014 1:26 AM, Ruben Safir wrote: > > Hello > > I thought there was a means to restrict and/convert all the outgoing > mail that passes though postfix to specific domain names. I've noticed > that on several postfix installations that the sending domain name in > the envelopes From can be changed to almost anything. How do I > restrict it? > > Ruben >
There are a few different methods that can be used depending on what you intend for the local policy. - use http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch to reject a message when the SASL user does not match the specified MAIL FROM. Requires that all users use SASL to submit mail, and you need to create a list of username -> MAIL FROM. This is the strictest check and is frequently recommended for account control. - use http://www.postfix.org/RESTRICTION_CLASS_README.html to check if a message is from your network, then reject the message if the sender domain doesn't match what you think it should. This works well if mail is submitted from a local network without using SASL. - use a policy service to require that SASL authenticated mail uses a specific sender domain. http://www.postfix.org/RESTRICTION_CLASS_README.html - use smtpd_generic_maps to force *all* outbound mail to use a specified sender domain. This will break forwarded mail. http://www.postfix.org/ADDRESS_REWRITING_README.html#generic -- Noel Jones
