Re: Preventing domain impresonation

2020-08-27 Thread Bill Cole
On 27 Aug 2020, at 8:30, Marek Kozlowski wrote: :-) Let's assume my hostname is 'sth.mydomain.tld' The following configuration: #- smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_

Re: Preventing domain impresonation

2020-08-27 Thread Viktor Dukhovni
On Thu, Aug 27, 2020 at 02:30:21PM +0200, Marek Kozlowski wrote: > #- > smtpd_recipient_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > reject_unauth_destination, > check_sender_access hash:/etc/

Re: Preventing domain impresonation

2020-08-27 Thread Rainer Ruprechtsberger
Hi, we utilize something along these lines. And yes: the forwarding problem needs to be addressed. in main.cf: smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_authenticated_sender_login_mismatch, permit_sasl_authenticated, chec

Re: Preventing domain impresonation

2020-08-27 Thread Bill Cole
On 27 Aug 2020, at 9:26, Jaroslaw Rafa wrote: What does "check_sender_access" do in smtpd_recipient_restrictions ? According to documentation, you can have "check_recipient_access" there, but not "check_sender_access". Incorrect. From `man 5 postconf`: smtpd_recipient_restrictions (defau

Re: Preventing domain impresonation

2020-08-27 Thread Jaroslaw Rafa
Dnia 27.08.2020 o godz. 14:30:21 Marek Kozlowski pisze: > The following configuration: > > #- > smtpd_recipient_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > reject_unauth_destination, > check_sender

Preventing domain impresonation

2020-08-27 Thread Marek Kozlowski
:-) Let's assume my hostname is 'sth.mydomain.tld' The following configuration: #- smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_sender_access hash:/etc