Reject inbound mail from local domain

Jan Kowalsky jankow at datenkollektiv.net
Mon Jun 2 14:05:55 CEST 2014


Hi Hede,

this is exactly my problem:

On 02.06.2014 11:36, hede wrote:
> Hi list,
> 
> with email it's possible to have anything as the sender's address. 
> Even any valid local mail address is allowed to come in via external
> mail servers.
> 
> For example if I have two users: first_user at example.com and
> second_user at example.com. Anyone can send a mail with "from:" header
> "first_user at example.com" from anywhere in the world to
> "second_user at example.com" and kolab accepts this, even if postfix
> should know that mails from its local domain (i.e. example.com in this
> example) _must_ come from authorised users only (or from internal
> processes at least) and not via some port 25 smtpd.

as far as I understood:
the

smtpd_sender_restrictions = reject_sender_login_mismatch

should do this.
http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch

But this doesn't work in my actual kolab setup either. I looked into
http://git.kolab.org/pykolab/tree/pykolab/setup/setup_mta.py

there this is referenced on line 264 but never came into my main.cf -
probably it's overwritten with the variable on line 266.

I was wondering what the

  check_policy_service unix:private/sender_policy_incoming

does exactly.

smtpd_sender_restrictions =
  permit_mynetworks
  reject_sender_login_mismatch
  check_policy_service unix:private/sender_policy_incoming

I assume this should do something like we want.

> What's the best way to filter those incoming mails? SpamAssassin,
> header_checks, check_sender_access or something else?
> 
> I would like to mark all those mails as spam or forward all of them
> to an admin user.
> 
> The thing is: If an internal user gets a mail from
> first_user at example.com (where example.com stands for my own internal
> domain) it should be reliable that it was sent by the local user who
> has first_user at example.com as its mail address or mail alias.

To investigate this further is on my todo.

If anybody has an idea this would be very appreciated.

Kind Regards
Jan
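
Added example, not part of the original post and not Kolab's sender_policy_incoming code: a sketch of the decision a Postfix policy delegation service (the check_policy_service mechanism discussed above) could make to refuse unauthenticated clients that use a local-domain sender. LOCAL_DOMAINS, TRUSTED_NETS and the sample request are assumptions; the service only sees the envelope sender (MAIL FROM), not the "From:" header.

```python
import ipaddress

# Assumed site settings (hypothetical values, not taken from the thread).
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]

# Constructed request as Postfix sends it: name=value lines, then an empty line.
SPOOFED = (
    "request=smtpd_access_policy\nprotocol_state=RCPT\n"
    "client_address=203.0.113.7\nsasl_username=\n"
    "sender=first_user@example.com\nrecipient=second_user@example.com\n\n"
)

def parse_request(raw):
    """Parse one policy request into a dict, stopping at the empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs):
    """Return the access action for one request."""
    domain = attrs.get("sender", "").rpartition("@")[2].lower()
    if domain not in LOCAL_DOMAINS:
        return "DUNNO"  # foreign or null sender: not this check's concern
    if attrs.get("sasl_username"):
        return "DUNNO"  # authenticated; reject_sender_login_mismatch checks ownership
    try:
        client = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        client = None  # unparsable address is treated as untrusted
    if client is not None and any(client in net for net in TRUSTED_NETS):
        return "DUNNO"  # internal process or relay
    return "REJECT local sender address requires authentication"

def respond(raw):
    """Build the reply Postfix expects: action=... followed by an empty line."""
    return "action=" + decide(parse_request(raw)) + "\n\n"

if __name__ == "__main__":
    print(respond(SPOOFED), end="")
```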

