Andrea Gozzi:
> On Tue, 2008-09-09 at 13:25 -0400, Wietse Venema wrote:
> > Andrea Gozzi:
> > > On Tue, 2008-09-09 at 13:03 -0400, Wietse Venema wrote:
> > > > > 
> > > > > 
> > > > > It works, thanks.
> > > > > I have one further question: how do I restrict access to postfix for any
> > > > > user with @myfreemail.com account only from localhost (where the webmail
> > > > > is running)?
> > > > 
> > > > The answer depends on how your webmail injects mail into Postfix.
> > > > 
> > > >         Wietse
> > > 
> > > Via smtpd.
...
> > /etc/postfix/sender_access:
> >     myfreemail.com  REJECT restricted to localhost only
...
> The REDIRECT check can easily be bypassed by changing the MAIL FROM:,
> so I configured the webmail to allow mail originating from the real
> address only.
> Unfortunately, someone might still try to connect directly to postfix
> and fake the envelope.
> 
> Is there any way to enforce the localhost origin restriction after the
> users have authenticated?

You replied above that the web application injects mail into Postfix
via SMTP.  This means that the web application gives the MAIL FROM
address to Postfix. Therefore the web application can reject
addresses that have the wrong sender domain.

        Wietse
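
A sketch of the web-application-side check described in the reply above, as an added example that is not part of the original thread. It assumes the webmail knows the logged-in user's full address and treats local parts as case-insensitive; the function names are hypothetical, and only the domain myfreemail.com comes from the thread.

```python
import re

WEBMAIL_DOMAIN = "myfreemail.com"  # domain named in the thread

# Plain addr-spec only: no spaces, CR/LF, angle brackets or quoted strings,
# so nothing in the value can turn into an extra SMTP command.
_ADDR_RE = re.compile(r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9.-]+")


def normalize(addr):
    """Return (local, domain) in lower case, or None if addr is not a plain address."""
    addr = addr.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    if not _ADDR_RE.fullmatch(addr):
        return None
    local, _, domain = addr.rpartition("@")
    # Assumption: this webmail treats local parts as case-insensitive.
    return local.lower(), domain.lower().rstrip(".")


def checked_envelope_sender(login_address, requested_from):
    """Return the address to hand to Postfix as MAIL FROM, or raise ValueError."""
    login = normalize(login_address)
    sender = normalize(requested_from)
    if login is None or sender is None:
        raise ValueError("malformed address")
    if sender[1] != WEBMAIL_DOMAIN:
        raise ValueError("wrong sender domain")
    if sender != login:
        raise ValueError("sender does not match logged-in account")
    return "%s@%s" % sender


def rejection_reason(login_address, requested_from):
    """Return None when the sender is accepted, else the reason for rejecting it."""
    try:
        checked_envelope_sender(login_address, requested_from)
        return None
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample requests, all for the logged-in user alice@myfreemail.com.
    for requested in ("<Alice@MyFreeMail.com>", "bob@example.org",
                      "bob@myfreemail.com",
                      "alice@myfreemail.com\r\nRCPT TO:<x@example.org>"):
        print(repr(requested), "->", rejection_reason("alice@myfreemail.com", requested))
```

The webmail would pass only the returned value as the envelope sender when it submits the message over SMTP.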
