On 2016-07-29 16:16, Shawn Heisey wrote:
On 7/22/2016 2:10 PM, Benny Pedersen wrote:
On 2016-07-22 19:53, Shawn Heisey wrote:
relay_domains = $mydestination, hash:/etc/postfix/local_domains
if local_domains contains domains local, you can reject senders that
forge sender AFTER permit_sasl_auth...
You're mentioning authentication again.
sorry about that
As I said once already, this
postfix server does NOT authenticate users.
sorry about that aswell
It only listens on port 25,
there you go
not port 587. I might have enabled 465, but I do not remember. All
user accounts and mailboxes are on the Exchange server, and users can
connect directly to Exchange over encrypted channels.
yes thats ok, but how does users from exchange send mail ?, its a bug to
use port 25
The pair of postfix servers are mail relays and authoritative DNS
servers. Our MX record points to a VIP that can float between the two
servers. They serve as a spam/virus filter for mail headed to and
coming from the Exchange server, and have a second role as a smarthost
for internal systems that need to send notification email. The only
"authentication" done for the smarthost role is source IP --
permit_mynetworks.
all that is ok
I have no interest in postfix validating "From" headers, but if the
envelope sender contains one of my domains and the sending server is
not
in mynetworks, I want postfix to reject it. Is that possible?
this is not a job for postfix, if you want From: header policy use
opendkim in postfix
