Hi,

We have an internet-facing MX server whereby all users authenticate their outgoing connection to submit emails via port 587. This MX server routes incoming mail for our domain to an internal postfix smtp server, which then delivers mail to local imap servers.
The internal postfix smtp server uses an ldap aliases map, alias_maps = ldap:/etc/postfix/ldap-aliases.cf, to look up which imap server a user's mailbox resides on.

What I want to achieve is: if a mail is destined for my local domain (domain1.com), I would like postfix to check the "envelope From field" to ensure it's not been spoofed.

There is a postfix option... reject_sender_login_mismatch that can be mapped...

    smtpd_sender_login_maps = ldap:/etc/postfix/smtpd_sender_login.cf

However - I get the following error

    -bash-4.1$ postconf -n
    alias_database = hash:/etc/aliases
    alias_maps = ldap:/etc/postfix/ldap-aliases.cf, hash:/etc/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    html_directory = no
    inet_interfaces = all
    inet_protocols = ipv4
    mail_owner = postfix
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    message_size_limit = 51200000
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mx3.$mydomain, mx1.$mydomain, mx2.$mydomain
    mydomain = domain1.com
    myhostname = smtp-1.domain1.com
    mynetworks = xxx.xxx.192.0/21, xxx.62.52.0/22, 10.0.0.0/8, xxx.16.0.0/12, xxx.168.0.0/16
    myorigin = $mydomain
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
    sample_directory = /usr/share/doc/postfix-2.6.6/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtpd_sender_restrictions = reject_unverified_sender

With "smtpd_sender_restrictions = reject_unverified_sender", if the From field contains an invalid address, the following is logged - which is great to stop unknown From addresses being forged.

    NOQUEUE: reject: RCPT from mx.domain1.com[xxx.xxx.192.130]: 450 4.1.7 < he...@domain1.com>: Sender address rejected: unverified address: unknown user: "hejem"; from=<he...@domain1.com> to=<te...@domain1.com> proto=ESMTP helo=<hh-domain1.com>

However,