On 09/08/2010 12:36 AM, Jan-Frode Myklebust wrote:
> On Tue, Sep 07, 2010 at 08:20:36PM +0200, Jeroen Geilman wrote:
>> On 09/07/2010 06:57 PM, mouss wrote:
>>> OP is an ISP providing outbound relay to residential users. His
>>> problem is not easy to solve.
>
> Thanks for understanding. I've gotten information off list that gmail
> are setting the sender to the gmail authenticated user when sending from
> non-gmail addresses. So I'm at least not alone in thinking this should
> be a good solution.
>
> Also I believe you have to pre-register any address you want to send
> from through gmail, which sounds like we could use postfix'
> smtpd_sender_login_maps to implement a similar solution.
>
>> Residential users don't often have their own mail servers/domains.
>> Limiting these to sending with their true ISP address is fairly common.
>> (And just about the only sane way to implement this kind of relay)
>
> In Norway all/most ISPs are forcing their residential users through the
> ISP's smarthosts. Outgoing port 25/tcp is blocked. So users are not
> allowed to run their own mailservers. I can't justify also requiring
> all users to use the ISP's mail addresses.
>
> -jf

Hi,

I am running a small ISP here in Egypt and we are using
smtpd_sender_login_maps to prevent anyone unauthenticated from sending from
email addresses they don't own. It works very well and postfix responds
with an error "address not owned by user".

One challenge we faced was that the database query has to include all
aliases which are registered for the authenticated username (in our case
the email), but this is no problem with some smart views on your database
table.

So set smtpd_sender_login_maps = proxy:pgsql:/path.cf
and then in smtpd_sender_restrictions = reject_sender_login_mismatch
and you are done.

PS: you should of course separate the incoming client mail and the
domain domain mail transfers, so for example mailserver to mailserver
uses port 25 where this policy is not applied and clients use port 587
submission where this policy is applied.
Frank
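
Added example, not part of Frank's message or of any poster's configuration: a PostgreSQL view of the kind the message describes, returning the login that owns each sender address, aliases included. The table, column and view names and all addresses are hypothetical and constructed for illustration.

```sql
-- Constructed schema: the SASL login is the user's primary address,
-- and each alias row grants one login the right to send from one address.
CREATE TABLE mailbox (
    login   text PRIMARY KEY
);
CREATE TABLE alias (
    address text NOT NULL,
    login   text NOT NULL REFERENCES mailbox(login),
    PRIMARY KEY (address, login)      -- one address may have several owners
);

-- One row per (sender address, login allowed to use it).
-- Every login owns its own address; aliases add further rows.
CREATE VIEW sender_login AS
    SELECT lower(login)   AS address, login FROM mailbox
    UNION
    SELECT lower(address) AS address, login FROM alias;

-- Constructed sample data.
INSERT INTO mailbox (login) VALUES
    ('alice@example.net'),
    ('bob@example.net');
INSERT INTO alias (address, login) VALUES
    ('alice@example.org', 'alice@example.net'),   -- alice's own domain
    ('sales@example.net', 'alice@example.net'),   -- shared alias,
    ('sales@example.net', 'bob@example.net');     -- two owners

-- In the pgsql lookup file named by smtpd_sender_login_maps the query
-- line would be (Postfix substitutes the MAIL FROM address for %s):
--   query = SELECT login FROM sender_login WHERE address = lower('%s')

-- The same lookup run by hand for three envelope senders.
-- A shared alias: every owning login is returned, one per row.
SELECT login FROM sender_login
 WHERE address = lower('Sales@example.net') ORDER BY login;

-- A pre-registered address in a domain the ISP does not host.
SELECT login FROM sender_login
 WHERE address = lower('alice@example.org');

-- An address nobody registered: no owner is returned, so with
-- reject_sender_login_mismatch an authenticated client using it
-- as MAIL FROM is rejected.
SELECT login FROM sender_login
 WHERE address = lower('ceo@example.net');
```

Running the three SELECTs with psql before pointing Postfix at the view shows whether every address a user may send from maps back to that user's login.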