Re: Rejection of not authenticated users when FROM and TO matches my domain
- Ivan Stepaniuk a écrit :
> mouss wrote:you can use reject_unauthenticated_sender_login_mismatch but:
>> Ivan Stepaniuk a écrit :
>>> Hi everybody, I have a postfix+sasl+mysql setup. Could someone point out
>>> how to reject mails when both FROM and TO addresses are @...,
>>> and of course only when the sender is not sasl authenticated?
>> if you are talking about envelope addresses (MAIL FROM and RCPT TO),
>> then use a policy service or a milter. postfix access checks act on a
>> single parameter (no combination of fields).
> Thanks. Just to be clear, forgetting then about the RCPT TO for a while,
> could I restrict the sender from within postfix, in a way that when MAIL
> FROM matches my users map, the user needs to be always sasl
> authenticated to send mail? and if so, is there a way to do this without
> further restricting authenticated users?
you can't reject mail once your gateway (or that of your filtering
provider) has accepted it. this will cause the gateway to send bounces
to forged addresses, and this has name: backscatter. and it is bad.
you can only reject mail received from "foreign" servers (servers that
are not supposed to accept mail for your domains).
> The problem is that my server is behind a gateway (which I don't haveGet rid of this borked gateway (if it can't be fixed). it's been years
> access to) that filters spam, but it white-lists all my domains,
that all people involved in email know that sender addresses are easily
forged. if a developer/designer/... missed this simple fact, you can't
trust anything they built.
> so I
> get tons of spam for my users that appears to come from themselves or
> from users in the same domain.