[prev in list] [next in list] [prev in thread] [next in thread]
List: postfix-users
Subject: Re: Dropping email purporting to be from my domain received from the Internet
From: Allen Coates <znabble () cidercounty ! org ! uk>
Date: 2020-05-30 12:40:53
Message-ID: e3277353-42ff-1c3b-9896-77ab2ea0f003 () cidercounty ! org ! uk
[Download RAW message or body]
On 30/05/2020 00:58, Scott A. Wozny wrote:
> In my hypothetical environment, I have an external and an internal relay on
> either sides of a firewall. I want to configure the external system to relay
> both 1) email received from the internal relay to the Internet and 2) email
> received from the Internet to the internal relay (as long as the recipient is on
> my domain). This seems fairly straightforward to accomplish with a combination
> of mynetworks, relay_domains and relayhost or transport_maps configurations.
>
>
> Something I would like to drop, though, is email received from the Internet that
> has an address in the MAIL FROM on my domain but ONLY if received from the
> Internet (since it’s a core function of this relay to take identical messages
> relayed from the internal relay bound for Internet mail servers).
>
>
> I’ve been going through smtpd_sender_restrictions options look for something
> that fits the bill here, but I can’t seem to find anything that allows me to
> distinguish actions based upon whether or not the sender is not in my_networks
> (making them subject to “stranger rules” which include not sending FROM my domain).
>
>
> Is this something that’s relatively straightforward to configure in Postfix or
> do I need a more advanced anti-spam tool to get the configuration flexibility I
> need?
>
From my main.cf:-
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_unknown_sender_domain
check_sender_access hash:/etc/postfix/sender_access,
etc, etc.....
Explanation:-
Line 1 will accept all my local machines (Servers and clients)
Lines 2 and 3 will reject rubbish senders;
Line 4 The access file rejects all senders CLAIMING to be from my own domain
and
From my sender_access file:-
### Reject any cidercounty sender not from local network
cidercounty.org.uk reject Sender is not authenticated - s
etc, etc....
It works for me, but I'm only a little guy :-)
Hope this helps
Allen C
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic