On 2012-01-14 12:23 PM, IVO GELOV (CRM) <i...@crm.walltopia.com> wrote:
I have downloaded the latest version 4.0 - but it seems there is no
way to prevent spammers to use forged email addresses. I decided to
remove the vacation feature from our corporate mail server, because
it actually opens a backdoor (even though only when someone decides
to activate his vacation auto-reply) for spammers and puts a risk on
the company (our server can be blacklisted).
Sorry, I misread your message...
However, (I *think*) there *is* a simple solution to your problem, if I
now understand it correctly...
Simply disallow anyone sending from an email address in your domain from
sending without SASL_AUTHing...
The way I do this is:
in main.cf (I put all of my restrictions in
smtpd_recipient_restrictions) add:
check_sender_access ${hash}/nospoof,
somewhere after reject_unauth_destination *but before any RBL checks)
where nospoof contains:
# Prevent spoofing from domains that we own
allowed_addre...@example.com OK
allowed_addre...@example.com OK
example.com REJECT You must use sasl_auth to send from one of our
example.com email addresses...
and of course be sure to postmap the nospoof database after making any
changes...
--
Best regards,
Charles
