----------------------------------------
> Date: Thu, 13 Mar 2008 17:40:39 +0100
> From: mouss
> CC: postfix-users
> Subject: Re: prevent open relay
>
> Charles Account wrote:
>> Mouss,
>>
>> Thanks for the information. I wasn't clear with my question
>> so let me elaborate what I want to do.
>> I want to lock down the server so only mynetworked IP addresses
>> can connect and send mail. The users can send to local or internet
>> recipients. I want the users to be trusted so no authentication is
>> required since this is done upstream. In addition, I want to add
>> additional security where the sender address must be one of the
>> email addresses stored on our service (access via ldap). An example
>> would be I have 10 domains, such as, example1.com, example2.com...
>> example10.com)
>>
>> Right now, I have secured the connection but I cannot secure the
>> sender address so a user can send from any email address where
>> the domain is known such as cwo1962.
>>
>> I don't understand the relationship between smtpd_reject_unlisted_sender
>> and check_sender_access nor how to setup an ldap query to return
>> an OK/REJECT (if the address is not found in ldap). I tried setting up
>> a very simple check_sender_access using a hash with one domain
>> and I couldn't get that to work either. So I'm grasping at straws and
>> scratching my head ;-)
>>
>
>
> Please do not top post (put your reply after the text you reply to. If
> you think your text is not completely related, put it at the bottom of
> the message).
>
> I still have some doubts, so correct me if I misunderstood:
>
> - the server is not a public MX. it is only for use from mynetworks
> - you want your users to use addresses from a specific list of domains
>
> If so:
>
> smtpd_client_restrictions =
>     permit_mynetworks
>     reject
>
> smtpd_sender_restrictions =
>     reject_unlisted_sender
>     check_sender_access hash:/etc/postfix/allowed_sender
>     reject
>
>
> == allowed_sender:
> domain1.example OK
> domain2.example OK
>
>
> users will still be able to forge addresses from the allowed domain. if
> this is an issue, you need authentication.
>

Mouss,

It works, thanks for all your help.

Charles
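
An added example, not part of the original messages and not Postfix's own code: a simplified Python model of the two restriction lists mouss posted, showing which client and sender pairs pass and that any address in an allowed domain is accepted, forged or not. The networks and addresses are constructed sample values; `reject_unlisted_sender` and parent-domain matching are not modelled.

```python
import ipaddress

# Constructed sample values; the thread gives no real networks or addresses.
MYNETWORKS = ["127.0.0.0/8", "192.0.2.0/24"]
# Same shape as the allowed_sender table in the reply: lookup key -> action.
ALLOWED_SENDER = {"domain1.example": "OK", "domain2.example": "OK"}


def client_restrictions(client_ip, mynetworks=MYNETWORKS):
    """Model of: permit_mynetworks, then reject."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in mynetworks):
        return "permit"
    return "reject"


def access_lookup(sender, table):
    """Try the full address, then the domain, then 'localpart@'.

    Simplified from the search order documented in access(5).
    Returns the table action, or None when nothing matches.
    """
    sender = sender.strip().lower()
    local, sep, domain = sender.rpartition("@")
    if not sep or not local or not domain:
        return None  # empty or malformed sender: no key to look up
    for key in (sender, domain, local + "@"):
        if key in table:
            return table[key]
    return None


def sender_restrictions(sender, table=ALLOWED_SENDER):
    """Model of: check_sender_access, then reject."""
    return "permit" if access_lookup(sender, table) == "OK" else "reject"


def decide(client_ip, sender):
    """A reject from either restriction list rejects the mail."""
    if client_restrictions(client_ip) == "reject":
        return "reject"
    return sender_restrictions(sender)
```
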
© 2004-2008 readlist.com