On 03.06.19 14:19, De Petter Mattheas wrote:
Answers in after the #
indenting the original answer usually giver much more readable result.
outlook does support indenting...
On 03.06.19 13:02, De Petter Mattheas wrote:
How can we secure are postfix smtp relay server?
complicated question...
For the moment we have a rule that only allow mail from exchange server
adres to postfix (relay server),
show us.
# mynetworks = xxx.xxx.xxx.xxx/32, 127.0.0.1/32
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
this should be fine
but when somebody spoofs this address mail gets accept and you can send your
mail to anybody as anybody.
your rule apparently has logical error.
# thing is it is secure because postfix accept only mail from exchange
# server, but when you get access to the exchange server, or spoof the ip
# adress of the exchange server you can send mails. How can i block this?
if either your postfix or your exchange server is in network where spoofing
can happen, move them away.
So I know I can use these but we are not used of working with this.
Can we setup another way of authentication?
it's hard to answer without knowing the real problem.
You apparently don't require authentication and what you require is not what
you want to achieve.
# see answer above
I would not like to setup users/mailboxes on the relay server, all are
users are on the exchange server (AD), and postfix is are simple relay
server we would like to secure.
#so I can't setup any security when we do not created mailboxes on the relay
server?
Can't the authentication take place with the user accounts of the OS?
it can, and usually does. But you said you don't want to set up mailboxes on
the relay server.
In fact you can set up one account and use it for relaying mail through
postfix.
but the option I gave you above is better. If eomeone can fake your
mailserver's address, you should move it elsewhere.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.
