On 4/11/23 17:24, Viktor Dukhovni via Postfix-users wrote:
> On Tue, Apr 11, 2023 at 03:34:09PM -0300, Roberto Carna via Postfix-users 
> wrote:
> 
>> But we have realized that if we send messages using other domains
>> than ourdomain1.com, the messages reach the recipients in Gmail,
>> Hotmail and other public mail platforms.
> 
> Perhaps as well as considering how to address this, you might also consider
> whether you're addressing the right problem...
> 
> When an authorised message is slated to leave your network, the
> consequences are least significant when it purports to originate from
> somebody else's domain.
> 
>     - Many receiving systems are liable to reject a message purporting
>       to originate from an unexpected domain (based on DMARC, ...).
> 
>     - There's little risk of reputational or financial damage if
>       the message does not impersonate a sender in your domain.
> 
> On the other hand, if the message *is* from your domain, but
> is an unauthorised message misleading your customers or business
> partners, ... *then* you have a problem.
> 
> While Postfix can to some extent enforce envelope to sender mismatches,
> the real concern is usually the "From:" header, ... whose content is not
> the MSA's job to enforce.

A milter must be used for this.  Since this, along with DMARC, is a
core responsibility of a modern MTA, I am curious if making this a
part of Postfix itself (as Exim did) has been considered.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
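
Added example, not part of the messages above and not Postfix code: the From: header check discussed in this thread, written as the decision function a milter could call once the headers have arrived. The function name, the allowed-domain set and the rule that the envelope and header domains must agree are assumptions made for illustration; the milter binding itself is omitted.

```python
# Added example: From:-header domain policy for submitted mail (hypothetical names).
from email import message_from_string, policy

ALLOWED_DOMAINS = {"ourdomain1.com"}  # assumption: the only domain this site may send as


def from_header_verdict(raw_headers, envelope_sender, allowed=ALLOWED_DOMAINS):
    """Return ("accept" | "reject", reason) for one submitted message."""
    msg = message_from_string(raw_headers, policy=policy.default)
    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:
        # Zero or several From: headers leave it ambiguous what the recipient sees.
        return "reject", f"expected one From: header, found {len(from_headers)}"
    mailboxes = from_headers[0].addresses
    if len(mailboxes) != 1:
        return "reject", f"expected one From: mailbox, found {len(mailboxes)}"
    # Compare the addr-spec domain only; the display name is free text.
    header_domain = mailboxes[0].domain.lower()
    if header_domain not in allowed:
        return "reject", f"From: domain {header_domain!r} is not permitted"
    # Assumed site policy: envelope sender and header must name the same domain.
    envelope_domain = envelope_sender.rpartition("@")[2].lower()
    if envelope_domain != header_domain:
        return "reject", "envelope sender and From: header domains differ"
    return "accept", "From: header matches an authorised domain"


# Constructed sample submissions: (envelope sender, header block).
SAMPLES = [
    ("alice@ourdomain1.com", "From: Alice <alice@OurDomain1.com>\nSubject: hi\n\n"),
    ("alice@ourdomain1.com", "From: Billing <billing@example.net>\nSubject: hi\n\n"),
    ("alice@ourdomain1.com", 'From: "ceo@ourdomain1.com" <x@example.net>\nSubject: hi\n\n'),
    ("alice@ourdomain1.com", "From: a@ourdomain1.com\nFrom: b@example.net\n\n"),
    ("bounce@example.net", "From: Alice <alice@ourdomain1.com>\n\n"),
]

if __name__ == "__main__":
    for sender, headers in SAMPLES:
        print(sender, from_header_verdict(headers, sender))
```

The second and third samples pass an envelope-sender check yet still carry a From: header for another domain, which is the gap the thread describes.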
