
List:       kolab-users
Subject:    Re: Forged header detection and selective filtering (Postfix help
From:       Adam Tworkowski <atworkowski () masterfile ! com>
Date:       2006-02-15 18:21:39
Message-ID: 1140027699.8509.26.camel () atworkowski-ubuntu

I am trying to allow certain email addresses using my local domain (say
fakeuser@domain.com) to send mail from remote networks to valid local
users (i.e. realuser@domain.com).

Basically I am trying to poke a hole in Kolab's UCE policy on a per
sender basis through Postfix.

I am adding the sender's address to /kolab/etc/postfix access (which is
otherwise empty) and mapping it with /kolab/sbin/postmap access.

| fakeuser@domain.com OK

I am then changing the following line in Postfix's main.cf from:

smtpd_sender_restrictions = permit_mynetworks, check_policy_service unix:private/kolabpolicy

to:

smtpd_sender_restrictions = check_sender_access hash:/kolab/etc/postfix/access, permit_mynetworks, check_policy_service unix:private/kolabpolicy

When attempting to send mail as the user I get the following (note that
I am definitely not on a network local to Postfix):

telnet 192.168.1.10  25
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
220 kolab01.domain.com ESMTP Postfix
ehlo hotmail.com
250-kolab01.domain.com
250-PIPELINING
250-SIZE 20971520
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME
MAIL FROM:  fakeuser@domain.com
250 Ok
RCPT TO: realuser@domain.com
554 <fakeuser@domain.com>: Sender address rejected: Invalid sender

Am I going about this the right way?  Is there another filter getting in
the way?  What am I missing?  

Also, if an address is not present during the "check_sender_access"
check am I expecting it to bail, or move on to permit_mynetworks?

Any help would be much appreciated.  Thanks.

-Adam

On Tue, 2006-14-02 at 13:14 -0500, Adam Tworkowski wrote:
> Hi,
> 
> Our Kolab server (correctly) detects forged "from" headers so that if
> you say you are "user@domain.com" where domain.com is local, and you are
> sending from somewhere that is not domain.com, your message is
> refused.  How would I go about allowing certain "users" to bypass this
> feature so that user1@domain.com can be delivered as if local even
> though the headers are really forged?  
> 
> We have a business requirement to accept mail "from" certain "accounts"
> that aren't local (affiliate users who we don't necessarily want on our
> mail system, as well as some forwarders from an external mail system
> via /etc/aliases).
> 
> Thanks in advance.  
-- 
Regards,

Adam Tworkowski, atworkowski@masterfile.com
Systems Administrator, Computer Department
Masterfile Corporation, www.masterfile.com
 
************************************************************************
This email message is intended only for the named recipient(s) above and
may contain information that is privileged, confidential, subject to
copyright and/or exempt from disclosure under applicable law.  You are
hereby notified that any unauthorized use of this transmission is
strictly prohibited.  If you are not the named recipient(s), please
immediately notify the sender and delete this email message.
************************************************************************
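
Added example, not part of the original message and not Kolab or Postfix code: a simplified Python model of how Postfix walks smtpd restriction lists, covering the two questions asked above (what happens when check_sender_access finds no entry, and whether another filter can still reject). The policy-service rule, the client address 203.0.113.5, the mynetworks range and the second (recipient) list are assumptions made for illustration; the page does not show which restriction produced the 554.

```python
import ipaddress

# Constructed sample data; only the access-map entry comes from the post.
MYNETWORKS = [ipaddress.ip_network("192.168.1.0/24")]
ACCESS_MAP = {"fakeuser@domain.com": "OK"}
LOCAL_DOMAIN = "domain.com"

def check_sender_access(s):
    # A key that is not in the map yields DUNNO: no decision, try the next restriction.
    return ACCESS_MAP.get(s["sender"].lower(), "DUNNO")

def permit_mynetworks(s):
    ip = ipaddress.ip_address(s["client"])
    return "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def kolabpolicy_stub(s):
    # Hypothetical stand-in for check_policy_service unix:private/kolabpolicy:
    # refuse a local-domain sender (reached only when nothing earlier decided).
    return "REJECT" if s["sender"].lower().endswith("@" + LOCAL_DOMAIN) else "DUNNO"

def evaluate_list(restrictions, s):
    # The first restriction that returns something other than DUNNO ends this list.
    for r in restrictions:
        result = r(s)
        if result != "DUNNO":
            return result, r.__name__
    return "DUNNO", None

def evaluate_session(lists, s):
    # An OK only ends the list it occurs in; a REJECT from any list is final.
    for name, restrictions in lists:
        result, by = evaluate_list(restrictions, s)
        if result == "REJECT":
            return "REJECT", name, by
    return "OK", None, None

ORIGINAL = [("sender", [permit_mynetworks, kolabpolicy_stub])]
MODIFIED = [("sender", [check_sender_access, permit_mynetworks, kolabpolicy_stub])]
# Assumption: a second list that also consults the policy service.
MODIFIED_PLUS_RCPT = MODIFIED + [("recipient", [permit_mynetworks, kolabpolicy_stub])]

if __name__ == "__main__":
    remote = {"client": "203.0.113.5", "sender": "fakeuser@domain.com"}
    for label, cfg in [("original", ORIGINAL), ("modified", MODIFIED),
                       ("modified + recipient list", MODIFIED_PLUS_RCPT)]:
        print(label, evaluate_session(cfg, remote))
```

On a live system, `postconf -n` lists every restriction list actually configured, and `postmap -q fakeuser@domain.com hash:/kolab/etc/postfix/access` confirms what the map returns for the address.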
