Peter Stimpel asked:
On our mx’s we looked for a way to prevent those servers from receiving certain faked mails. Those faked mails come along using sender addresses my servers are handling and are responsible for, the domains are listed in
mydestinations and from outside
So we created an
smtpd_sender_restrictions = permit_mynetworks, hash:/etc/postfix/sender_is_bad
sender_is_bad looks like:
domainA REJECT Nice try from outside
domainB REJECT Nice try from outside
main.cf we have
mydestination: domainA, domainB
mynetworks: 127.0.0.1 192.168.0.0/24
The idea is to ignore the rules in
sender_is_bad as long they were sent from within our networks, and to refuse mails coming from outside my networks having our domains in the sender address.
This works fine, so where is the question?
I am looking for a way to use something like
smtpd_sender_restrictions = permit_mynetworks, reject_mydestinations
Any idea? I was walking through the postfix manuals again and again, but was not able to find such a rule. It would eliminate errors when we add new domains to
mydestinations. On top I think, this should be a standard rule, since usually you do not need to accept such mails as long as you have no external services sending in your name from outside your networks…
I’m pretty sure you’re looking for
reject_unauthenticated_sender_login_mismatch. This prevents mail being delivered FROM an address, unless the sender authenticated with that address.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.