The advantage of using "permit_sasl_authenticated, reject" as check_sender_access in the global config is that authenticated senders won't be able to send with an address outside of your domain either, thus achieving both local spoof prevention for unauthenticated users and also preventing foreign spoofing from authenticated users.

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On behalf of Phil Stracchino
Sent: 17 November 2016 17:26
To: postfix-users@postfix.org
Subject: Re: SV: block emails which pretend to originate from my domain

On 11/17/16 09:16, Sebastian Nielsen wrote:
> You have your permit_sasl_authenticated inside smtpd_sender_restrictions
> right?
> Replace that with "check_sender_access hash:/path/to/file"

...Right, never mind, reading too early in the morning.

> Inside the file /path/to/file, you add the following:
> mydomain.com permit_sasl_authenticated, reject
>
> Essentially, you move your "permit_sasl_authenticated" to the /path/to/file
> file.
>
> Or do you already have a check_sender_access containing
> permit_sasl_authenticated?

I'm actually achieving the same end a different way:

smtpd_recipient_restrictions =
    ...
    ...
    check_sender_access btree:/etc/postfix/block-local-sender

/etc/postfix/block-local-sender:
caerllewys.net    REJECT  Local sender address is not allowed

--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: 603.293.8485