RE: ..::Spoofing Issues::..

Mon, 04 Oct 2010 14:17:17 -0700 

Thanks for your help, right now we use sasl auth and Works very good.

If the setup for example a gmail account and the change the gmail address for 
some user on the postfix domain, postfix delivers that email.

 

I don't want to accept emails from our domain in our server if they don't 
belong to my networks or they are authenticated.

 

For example if you setup you outlook to send an email from u...@domain.com 
using gmail as smtp relay, I want my postfix to drop that email because it is 
coming from other smtp server.

 

I hope this example helps.

 

Saludos. 
  
               
  
Ing. Alfonso Alejandro Reyes Jiménez 
          Analista del sector Gobierno 
  
E-mail: aare...@scitum.com.mx <mailto:aare...@scitum.com.mx>  
Telefono: 91 50 74 00 ext. 7489 
Movil: (044) 55 52 98 34 82

 

La información contenida en el presente correo es confidencial y para uso 
exclusivo de la persona o institución a que se refiere. Si usted no es el 
receptor deliberado es ilegal cualquier distribución, divulgación, 
reproducción, completa o parcial, aprovechamiento, uso o cualquier otra acción 
relativa a ella. Por favor notifique al emisor e inmediatamente bórrela de 
forma permanente de cualquier computadora en la que resida y en caso de 
existir, destruya cualquier copia impresa.

 

 

De: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] En 
nombre de mouss
Enviado el: lunes, 04 de octubre de 2010 03:48 p.m.
Para: postfix-users@postfix.org
Asunto: Re: ..::Spoofing Issues::..

 

Le 04/10/2010 21:37, Alfonso Alejandro Reyes Jimenez a écrit : 

Hi, everyone.

 

I have an issue with some users that are spoofing our mail server, rightnow we 
can restrict the spoofing on the same server.

But if they use another smtp server pretending that they are on our domain the 
can send those emails.


That's a FEATURE in smtp...




 

I use to work with websense which can be configured to get only mails from the 
users and ip address that belong to the domain, is there some way to tell 
postfix that he owns the domain mycompany.com and it reject everything that 
pretend to be the same domain?

 

Or any other idea to prevent the outside spoofing?

 


you can certainly do

smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destinaion
    check_sender_access hash:/etc/postfix/access_sender


== access_sender:
mydomain.example    REJECT blah blah
.mydomain.example    REJECT blah blah

<<image001.jpg>>

Reply via email to