On Tue, 2010-05-04 at 12:29 +0300, Appliantologist wrote:
> Hi guys,
>
> I still need to accept mail for the email addresses we host on our
> machine from the net, so blocking port 25 or mynetworks as local host
> would seem to prevent that. we still have users on the domain that
> get mail to the address, except now we forward that mail to gmail
> using the virtual table
>
> here is the result of postconf -n
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> default_privs = apache
> disable_vrfy_command = yes
> html_directory = no
> in_flow_delay = 1s
> inet_interfaces = all
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = $myhostname, localhost.$mydomain, localhost
> mydomain = wans-eu.com
> myhostname = wans-eu.com
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_helo_restrictions = reject_invalid_hostname
> strict_rfc821_envelopes = yes
> unknown_local_recipient_reject_code = 550
> virtual_alias_domains = multiterminal.ua
> virtual_alias_maps = hash:/etc/postfix/virtual
>
>
1) Add
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
permit
2) create a relaydomains file
http://www.postfix.org/postconf.5.html#relay_domains
3) And ask the legitimate senders to use sasl auth
