On Wed, Mar 04, 2009 at 09:40:51AM -0200, Miguel Da Silva - Centro de
Matem?tica wrote:
> smtpd_recipient_restrictions =
> check_recipient_access hash:/etc/postfix/bloqueados
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> reject_rbl_client zen.spamhaus.org
> reject_rbl_client bl.spamcop.net
> reject_unknown_recipient_domain
> reject_unverified_recipient
> check_policy_service inet:127.0.0.1:10026
>
> By the way, I kept check_recipient_access as the first one because it is
> written correctly and all it does is reject mail to 2 local users that must
> not recieve any message no matter how send it.
>
> But, the main issue remains... I could not enforce authentication.
Insisting on "authentication" is not an option on an inbound MX service,
remote MTAs will not authenticate to you, and you don't want to refuse
their mail.
If you really must, you could try:
http://www.postfix.org/postconf.5.html#smtpd_sasl_login_maps
http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
this is stronger than "requiring authentication", and will break "evites"
and other cases where your own sender addresses originate legitimately from
3rd-party sending systems.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
