Hi Rich,
On Tue, March 29, 2016 1:15 pm, Rich Pieri wrote:
> Postfix out of the box should not permit what you describe so I think
> you broke something. Things to check in main.cf: mydestination,
> mynetworks, relay_domains, and smtpd_relay_restrictions.
I thought so, too. Here's what I've got:
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
/etc/postfix/hostlist
mynetworks = 127.0.0.0/8 <my class C>/24 192.168.X.0/24
[2001:xxxx:yyyy::]/48 [::1]/128 [fe80::]/10
relay_domains is not set
smtpd_relay_restrictions =
For kicks I just added reject_unauthenticated_sender_login_mismatch to my
smtpd_sender_restrictions:
smtpd_sender_restrictions = permit_mynetworks,
permit_tls_clientcerts,
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/goodsender,
check_sender_access hash:/etc/postfix/badsender,
reject_unknown_sender_domain,
reject_non_fqdn_sender,
check_sender_access hash:/etc/postfix/sender_access,
reject_unverified_sender,
reject_unauthenticated_sender_login_mismatch,
permit
> Not sure off-hand what the sendmail equivalents are.
This is my bigger concern.... :(
One of these years I should just migrate that server over to postfix.
> Rich P.
-derek
--
Derek Atkins 617-623-3745
[email protected] www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
