Hi Wietse,

Thanks for clearing that out. I read the first part of the manual and thought 
it would block if postfix is not the final destination but I didn't really 
understand the AND part of the sentence but now I do. So it's not the option I 
need. My bad! ;)

Now, to get back to your suggestion.
Can't we use the 'smtpd_sender_restrictions = check_sender_access ...' option 
on port 26 only using parameters in master.cf ?

If so, is it possible to use the relay_domains file for the same purpose?

We have "relay_domains = hash:/etc/pmg/domains" in our main.cf
And in /etc/pmg/domains we have domains like this:

domain1.com 1
domain2.com 1
domain3.com 1
domain4.com 1


I'm not sure if it can work with this "1" or does it need to be "OK"?

I'm unsure why there is a "1" but the system we're using is actually Proxmox 
Mail Gateway which autogenerates the configuration.
We could create a small script to create a file for sender_access by replacing 
the 1 with an OK and writing it to a new file.

But I'm not sure why you suggested we need a different server for inbound and 
outbound?

Kind regards,
Sander

----- Original Message -----
From: "Wietse Venema" <wie...@porcupine.org>
To: "postfix-users" <postfix-users@postfix.org>
Sent: Monday, May 13, 2019 1:16:12 PM
Subject: Re: Fwd: Postfix as an outgoing spam filter. How to block email for 
unknown senders in local network?

sandermo...@telenet.be:
> After some googling I found that the "reject_unknown_sender_domain"
> option should reject mail if Postfix isn't the sender's domain
> final destination so that sounds good too. I enabled that option
> but it doesn't seem to work?

It works as promised.

   reject_unknown_sender_domain
          Reject the request when Postfix is not final destination for the
          sender address, AND THE MAIL FROM DOMAIN HAS 1) NO DNS MX AND NO
          DNS  A RECORD, OR 2) A MALFORMED MX RECORD [...]

Have you considered using sender access control on the outbound 
SMTP server:

smtpd_sender_restrictions =
    check_sender_access inline:{
        { example.com = OK }
        { other.example = OK }
    }
    reject

This requires that you have different mail servers for inbound
and outbound SMTP.

        Wietse
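
One way the small conversion script described in the reply above could look, as an added example that is not part of the original thread: it turns the `domain 1` lines of /etc/pmg/domains into `domain OK` lines for check_sender_access. The destination path and the POSTMAP override variable are assumptions.

```sh
#!/bin/sh
# Added example. Input: "<domain> <value>" lines, as in /etc/pmg/domains.
# Output: "<domain> OK" lines in access(5) format for check_sender_access.

# Convert relay-domain lines on stdin to sender-access lines on stdout.
domains_to_sender_access() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        {
            d = tolower($1)
            # Only plain DNS names may enter the allow list; report the rest.
            if (d !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) {
                print "skipped: " $1 | "cat 1>&2"
                next
            }
            if (!(d in seen)) { seen[d] = 1; printf "%s\tOK\n", d }
        }'
}

# rebuild SRC DST: replace DST atomically, then compile it with postmap.
# An empty result leaves DST untouched: with a trailing "reject", an empty
# allow list would refuse every sender.
rebuild() {
    src=$1
    dst=$2
    tmp=$(mktemp "${dst}.XXXXXX") || return 1
    if domains_to_sender_access < "$src" > "$tmp" && [ -s "$tmp" ]; then
        chmod 0644 "$tmp" && mv "$tmp" "$dst" || return 1
    else
        rm -f "$tmp"
        echo "no valid domains in $src; $dst left unchanged" >&2
        return 1
    fi
    # POSTMAP is an assumed override hook so the script can be tried without Postfix.
    "${POSTMAP:-postmap}" "hash:$dst"
}

# Usage: script SRC DST, e.g. /etc/pmg/domains /etc/postfix/sender_access
# (the destination path is an assumption, not taken from the thread).
if [ "$#" -eq 2 ]; then
    rebuild "$1" "$2"
fi
```

access(5) documents that an all-numerical lookup result is treated as OK, so the conversion mainly gives a validated table that is kept separate from relay_domains.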
