prevent smtp senders to fake sender address to an address from internal domains
Jan Kowalsky
jankow at datenkollektiv.net
Wed Jun 25 15:37:31 CEST 2014
Hi all,
I try to prevent senders from outside delivering emails via smtp can
fake sender addresses in a way that it looks like the email is
originated from an internal domain.
There are several possibilities in postfix and I would like to hear
about your opinions:
1. via reject_sender_login_mismatch
This didn't work for me out of the box because of:
https://issues.kolab.org/show_bug.cgi?id=3156
after setting
smtpd_sender_login_maps = $virtual_alias_maps
I can set
smtpd_sender_restrictions =
reject_sender_login_mismatch
and smtp-senders can't send with any internal email address which is known.
But still it's possible to send with non existent email addresses from
internal domains.
2. check_sender_access
In smtp_sender_restrictions you can:
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/access_table,
...,
permit
where access_table has something like
mydomain.org REJECT You are not my domain
I didn't find out yet how to configure this for working together with
ldap that $mydomains are taken for this check.
How do you handle that?
Thanks in advance
Best Regards
Jan
More information about the users
mailing list