Hello Answers in after the #
On 03.06.19 13:02, De Petter Mattheas wrote: >How can we secure are postfix smtp relay server? complicated question... >For the moment we have a rule that only allow mail from exchange server >adres to postfix (relay server), show us. # mynetworks = xxx.xxx.xxx.xxx/32, 127.0.0.1/32 smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination >but when somebody spoofs this address mail gets accept and you can send your >mail to anybody as anybody. your rule apparently has logical error. # thing is it is secure because postfix accept only mail from exchange server, but when you get access to the exchange server, or spoof the ip adress of the exchange server you can send mails. How can i block this? >So I know I can use these but we are not used of working with this. > >Can we setup another way of authentication? it's hard to answer without knowing the real problem. You apparently don't require authentication and what you require is not what you want to achieve. # see answer above >I would not like to setup users/mailboxes on the relay server, all are >users are on the exchange server (AD), and postfix is are simple relay >server we would like to secure. #so I can't setup any security when we do not created mailboxes on the relay server? Can't the authentication take place with the user accounts of the OS? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. We are but packets in the Internet of life (userfriendly.org) ************************************************************ Any reaction to this e-mail or any other mail, including any files transmitted therewith to sender's e-mail address(es) shall be dealt with not as private, but as business communication(s) and shall be registered as such. ************************************************************
