SPF and DKIM are mail tools to prevent spoofing of non-local domains.
OP was after tools to prevent local spoofing.

One is for example:
1: reject_sender_login_mismatch
2: Other is a check_sender_access table containing "yourdomain.com: 
permit_sasl_authenticated, reject".
3: Another one is reject_unlisted_sender

Of course, all those tools perform a completely different check and they all 
can be used in unison.
1 would prevent all mismatches between login names and MAIL FROM. However, it 
won't prevent an unauthenticated client from sending a spoofed mail from a local 
mailbox X to a local mailbox Y (I think the tables can be set up to enforce this 
for unauthenticated clients too however).
2: This prevents authenticated senders from sending outside the domain the 
server is authoritative for, but also prevents any unauthenticated client from 
spoofing the MAIL FROM as a local mailbox when sending mail that is targeted to 
a local mailbox.
3: This is a tool that prevents all unknown local addresses from being used as a 
sender.


Another good thing with check_sender_access as described in 2 is that this can 
be used along with IP-based authentication (permit_mynetworks) to enforce so 
only specific domains can be used, and those domains cannot be used as a sender 
by unauthorized individuals, so even if you have SASL disabled, you can still 
enforce certain domains.


-----Original message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On behalf of Matthias Fechner
Sent: 14 March 2016 21:05
To: postfix-users@postfix.org
Subject: Re: MAIL FROM validiity

On 14.03.2016 at 12:50, Pascal Maes wrote:
> I would like that everybody who is sending mail from outside our network and 
> identified with sasl uses the email address corresponding to the uid.
> The mail should be rejected if the uid and the email address do not match.

I think a good start here is SPF and DKIM.
With this you can enforce that no other email server should accept mails that 
are not delivered over your email servers with your own domains.

Regards
Matthias

-- 

"Programming today is a race between software engineers striving to build 
bigger and better idiot-proof programs, and the universe trying to produce 
bigger and better idiots. So far, the universe is winning." -- Rich Cook
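
The three checks named in the reply at the top of this thread, combined into one Postfix configuration. This is an added example, not part of any poster's message; the file paths, the `hash:` table type, `example.com` and the login names are assumptions.

```conf
# ---- /etc/postfix/main.cf (fragment; paths and table type are assumed) ----

# Maps each MAIL FROM address to the SASL login(s) that own it.
# reject_sender_login_mismatch consults this table.
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps

# Restrictions are evaluated in order and the first PERMIT or REJECT wins.
# reject_unlisted_sender is placed before check_sender_access because the
# access table returns PERMIT for authenticated clients, which would end
# evaluation before any restriction listed after it.
smtpd_sender_restrictions =
    reject_sender_login_mismatch,
    reject_unlisted_sender,
    check_sender_access hash:/etc/postfix/sender_access

# ---- /etc/postfix/sender_login_maps (constructed sample entries) ----
# MAIL FROM address      owning SASL login name(s)
alice@example.com        alice
bob@example.com          bob

# ---- /etc/postfix/sender_access (constructed sample entry) ----
# Keyed on the sender domain. Senders in this domain are accepted only
# from SASL-authenticated clients; everyone else using it is rejected.
# Senders in other domains are not matched and fall through.
example.com              permit_sasl_authenticated, reject

# IP-based variant described in the reply, for servers with SASL disabled:
# example.com            permit_mynetworks, reject

# After editing either table, rebuild its lookup file:
#   postmap /etc/postfix/sender_login_maps
#   postmap /etc/postfix/sender_access
```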
