On 5/30/2013 6:21 PM, Peter wrote: > On 05/31/2013 03:50 AM, Feel Zhou wrote: >> I don't think that document is good to fix this problem >> I want sender address match my customer's domain name >> If not match ,mean that sender address was fake > > Hi Tom, > > This is a bad idea, it is very easy for a spammer to spoof your > customer's sender domain in order to relay mail through your server > and then your server becomes not much better than an open relay.
No, the client is already authorized by IP. Adding a sender domain check is an additional restriction. This is also a simple "some trusted IP is sending a bunch of crap" trigger. > > You should look into SASL AUTH, this is a much better way for your > customers to authenticate to your server for relaying: > http://www.postfix.org/SASL_README.html Good advice, but SASL is not always possible or practical. And solving this with SASL involves reject_sender_login_mismatch, which brings its own complications. > > > Peter -- Noel Jones