Re: [postfix-users] Postfix+Squirrelmail+Spam

Imam Cartealy
Sun, 06 Sep 2009 18:58:51 -0700
salam


muantap...
nanti saya coba

wassalam

ic

Hari Hendaryanto wrote:
> Hari Hendaryanto wrote:
>> Nyoman [D] wrote:
>>> On Thu, 2009-09-03 at 09:28 +0700, Kiswono Prayogo wrote:
>>>  
>>>> iya, tapi kalo permit_my_networks-nya diilangin, webmail yang pake
>>>> imap ga
>>>> berkutik kirim email --> ya webmailnya di set pakai authentication
>>>> sasl waktu mau ngirim, soalnya kalau tidak, bakal bisa ngirim sebagai
>>>> orang lain (si x ngirim sebagai si y dst.. itu seram sekali, bisa
>>>> gila..)
>>>>
>>>>     
>>>
>>> permit_my_networks-nya di allow untuk 127.0.0.1 saja pak
>>>
>>> Nyoman
>>>   
>> Sepertinya yg di tanyakan TS bukan bagaimana supaya squirrelmailnya
>> bisa ngirim, tapi gimana caranya supaya supaya user yg login nggak
>> bisa spoofing sender address.
>>
>> Aug 30 05:05:06 webmail postfix/cleanup[1473]: 5621323FA7:
>> message-id=<7a2d144cd865d8824ecac6ef0cc92afb.squir...@mydomain>
>> Aug 30 05:05:06 webmail postfix/qmgr[1155]: 5621323FA7:
>> from=<i...@email.com>, size=1501, nrcpt=201 (queue active)
>> Aug 30 05:05:07 webmail postfix/smtpd[1470]: disconnect from
>> localhost.localdomain[127.0.0.1]
>>
>> smtpd_restriction_classes = has_our_domain_as_sender
>> has_our_domain_as_sender = check_sender_access
>> hash:/etc/postfix/mydomains, reject
>>
>> isi mydomains
>>
>> domain.com OK
>> domain.org  OK
>>
>> postmap mydomains
>>
>> smtpd_recipient_restrictions =
>>   check_client_access hash:/etc/postfix/internal_networks,
>>   permit_mynetworks,
>>   permit_sasl_authenticated,
>>   reject_unauth_destination,
>>   reject_unlisted_recipient,
>>   .......
>>
>> isi internal_networks
>>
>> 127.0.0.1           has_our_domain_as_sender
>> 192.168.1          has_our_domain_as_sender
>> 192.168.2          has_our_domain_as_sender
>>
>> postmap internal_networks
>> postfix reload
>>
>> cuma email address dengan domain yg di specified di mydomains yg bisa
>> kirim, yg lain di reject.
>>
>> note: not tested
>>
>> cmiiw
> tested now :D
> 
> di config.php squiirelmail
> 
> $domain                 = 'domain.tld';
> $imapServerAddress      = 'localhost';
> $imapPort               = 143;
> $useSendmail            = false;
> $smtpServerAddress      = 'localhost';
> $smtpPort               = 25;
> 
> $useSendmail di buat false(yg di gunakan built in smto client
> squirrelmail),
> karena kalau pakai sendmail gak akan ngelewati smtpd_*_restrictions,tapi
> lewat pickup -> cleanup
> 
> cmiiw
> 
> wassalam
> 
> 
> 
> 
> 
> PT.CITRA SARI MAKMUR
> SATELLITE & TERRESTRIAL NETWORK
> 
> Connecting the distance - anytime, anywhere, any content
> http://www.csmcom.com
> 
> 

-- 
Imam Cartealy
Linux registered user #481374
Reply via email to