> On Jun 3, 2019, at 9:02 AM, De Petter Mattheas
> <mattheas.depet...@jandenul.com> wrote:
>
> For the moment we have a rule that only allow mail from exchange server
> address to postfix (relay server), but when somebody spoofs this address mail
> gets accept and you can send your mail to anybody as anybody.
>
> When I check:
> [administrator@eqx-mailman02 ~]$ sudo postconf -a
> [sudo] wachtwoord voor administrator:
> cyrus
> dovecot
You can configure SASL authentication on both ends (client on Exchange, server
on Postfix)
and require SASL authentication for relaying:
http://www.postfix.org/SASL_README.html
or you can require a TLS client certificate:
http://www.postfix.org/postconf.5.html#check_ccert_access
http://www.postfix.org/postconf.5.html#relay_clientcerts
--
Viktor.