Re: How Do I Whitelist a reject_unknown_sender_domain
- At 12:42 AM 7/1/2006, Devdas Bhagat wrote:
>smtpd_recipient_restriction =Once you add in the missing permit_mynetworks, the above
>should work too.
won't prevent internal users from using a bogus sender domain.
a) you want to prevent internal users from using an unknown
sender domain - a reasonable policy
b) you need to whitelist some bogus domain you must accept
the safest thing is to put the whitelist and
smtpd_sender_restrictions. (I mistakenly used
reject_non_fqdn_sender in earlier examples, but the same
principle applies). While it is possible to do this safely
under smtpd_recipient_restrictions by using
permit_auth_destination rather than OK, I think it best to
not tempt fate.
- On 01/07/06 01:21 -0500, Noel Jones wrote:
> At 12:42 AM 7/1/2006, Devdas Bhagat wrote:True. That can be handled with sasl authentication and
> >smtpd_recipient_restriction =
> > reject_unauth_destination
> > check_sender_access
> > reject_non_fqdn_sender
> >should work too.
> Once you add in the missing permit_mynetworks, the above
> won't prevent internal users from using a bogus sender domain.
smtpd_sender_login_maps. However, this is a policy decision and the
choice to add a little bit more complexity to the configuration over
controlling user configurations is left to the poster.