Loading ...
Sorry, an error occurred while loading the content.

Re: Rejection of not authenticated users when FROM and TO matches my domain

Expand Messages
  • mouss
    ... you can use reject_unauthenticated_sender_login_mismatch but: you can t reject mail once your gateway (or that of your filtering provider) has accepted it.
    Message 1 of 4 , Apr 30, 2009
    • 0 Attachment
      Ivan Stepaniuk a écrit :
      > mouss wrote:
      >> Ivan Stepaniuk a écrit :
      >>> Hi everybody, I have a postfix+sasl+mysql setup. Could someone point out
      >>> how to reject mails when both FROM and TO addresses are @...,
      >>> and of course only when the sender is not sasl authenticated?
      >
      >> if you are talking about envelope addresses (MAIL FROM and RCPT TO),
      >> then use a policy service or a milter. postfix access checks act on a
      >> single parameter (no combination of fields).
      >
      > Thanks. Just to be clear, forgetting then about the RCPT TO for a while,
      > could I restrict the sender from within postfix, in a way that when MAIL
      > FROM matches my users map, the user needs to be always sasl
      > authenticated to send mail? and if so, is there a way to do this without
      > further restricting authenticated users?
      >

      you can use reject_unauthenticated_sender_login_mismatch but:

      you can't reject mail once your gateway (or that of your filtering
      provider) has accepted it. this will cause the gateway to send bounces
      to forged addresses, and this has name: backscatter. and it is bad.

      you can only reject mail received from "foreign" servers (servers that
      are not supposed to accept mail for your domains).

      > The problem is that my server is behind a gateway (which I don't have
      > access to) that filters spam, but it white-lists all my domains,

      Get rid of this borked gateway (if it can't be fixed). it's been years
      that all people involved in email know that sender addresses are easily
      forged. if a developer/designer/... missed this simple fact, you can't
      trust anything they built.

      > so I
      > get tons of spam for my users that appears to come from themselves or
      > from users in the same domain.
      >
    Your message has been successfully submitted and would be delivered to recipients shortly.