Prevent Postfix from accepting any emails sent by domains in "mydestination" from outside "mynetworks"

Peter Stimpel asked:

On our MXes we looked for a way to prevent those servers from receiving certain faked mails. Those faked mails come along using sender addresses my servers are handling and are responsible for; the domains are listed in mydestination, and the mails come from outside mynetworks.

So we created an smtpd_sender_restrictions config:

smtpd_sender_restrictions = permit_mynetworks, hash:/etc/postfix/sender_is_bad

Now sender_is_bad looks like:

domainA REJECT Nice try from outside
domainB REJECT Nice try from outside

in we have

mydestination = domainA, domainB

The idea is to ignore the rules in sender_is_bad as long as they were sent from within our networks, and to refuse mails coming from outside my networks having our domains in the sender address.

This works fine, so where is the question?

I am looking for a way to use something like

smtpd_sender_restrictions = permit_mynetworks, reject_mydestinations

Any idea? I was walking through the Postfix manuals again and again, but was not able to find such a rule. It would eliminate errors when we add new domains to mydestination. On top of that, I think this should be a standard rule, since usually you do not need to accept such mails as long as you have no external services sending in your name from outside your networks…

Best Regards,

My answer:

I’m pretty sure you’re looking for reject_unauthenticated_sender_login_mismatch. This prevents mail being delivered FROM an address, unless the sender authenticated with that address.
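
The maintenance concern raised in the question (sender_is_bad drifting out of sync with mydestination) can also be handled by generating the map from the live setting. This is an added example, not part of the original question or answer; it assumes Postfix 2.10 or later for `postconf -x`, and the function name gen_sender_map and the --install switch are hypothetical.

```shell
#!/bin/sh
# Added example: derive the sender access map from mydestination so the two
# cannot drift apart. gen_sender_map and --install are hypothetical names.

# gen_sender_map VALUE
#   VALUE is the expanded mydestination setting (comma/space separated).
#   Prints one access(5) line per literal domain. Entries that are files
#   (/path) or lookup tables (type:name) hold their domains elsewhere, so
#   they are reported on stderr and skipped instead of being guessed at.
gen_sender_map() {
    printf '%s\n' "$1" | tr ', \t' '\n\n\n' | while IFS= read -r entry; do
        case "$entry" in
            '')      continue ;;
            /*|*:*)  echo "skipped non-literal entry: $entry" >&2 ;;
            *\$*)    echo "skipped unexpanded variable: $entry" >&2 ;;
            *)       printf '%s REJECT Nice try from outside\n' "$entry" ;;
        esac
    done
}

# Only touches the system when asked to: rebuild the map and its hash index.
if [ "${1:-}" = "--install" ]; then
    map=/etc/postfix/sender_is_bad
    gen_sender_map "$(postconf -x -h mydestination)" > "$map.new"
    mv "$map.new" "$map"
    postmap "$map"
fi
```

Run it with --install after every change to mydestination; the smtpd_sender_restrictions line from the question stays as it is.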

