On 27.08.2020 at 14:30:21 Marek Kozlowski wrote:
> The following configuration:
> 
> #-------------------------------------------------
> smtpd_recipient_restrictions =
>         permit_mynetworks,
>         permit_sasl_authenticated,
>         reject_unauth_destination,
>         check_sender_access hash:/etc/postfix/sender_checks_my,
>         ...

What does "check_sender_access" do in smtpd_recipient_restrictions?
According to documentation, you can have "check_recipient_access" there, but
not "check_sender_access".

> accepts mail from '...@sth.mydomain.tld' only from authenticated
> users or the hosts specified by the 'mynetworks' list.

Looks like a bad idea.
Suppose someone is sending mail from u...@sth.mydomain.tld to some
address that is forwarding mail back to anotheru...@sth.mydomain.tld. Under
your assumptions, you will reject that mail requiring authentication.

This is not an abstract example: one of the large email providers in Poland that
you probably know (Onet) was once configured in such a way that it required
authentication for *all* incoming mail if the sender was from
@poczta.onet.pl (yes, it required authentication on port 25 - I don't know
if it's still configured that way). I was at that time managing an email
server at some university. A lot of people forwarded mail from their
university account to private accounts and some of them had accounts at
Onet. When someone else with an account at Onet sent them mail to their
university address, they didn't receive the email that was forwarded to
their private account, because it was rejected by Onet.

> # cat /etc/postfix/sender_checks_my
> 1.2.3.4/24            OK
> sth.mydomain.tld      554 Please enable SMTP AUTH

What is an IP address doing in "check_sender_access" table?
As the documentation says, "check_sender_access" does the following: "Search
the specified access(5) database for the MAIL FROM address, domain, parent
domains, or localpart@, and execute the corresponding action." I don't see
any IP addresses mentioned here.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
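
Added example, not part of the original message or of Postfix: a simplified Python model of the restriction list and table quoted above, using the lookup keys named in the quoted documentation sentence (address, domain, parent domains, localpart@), to show which table rows can match a MAIL FROM address and what happens to forwarded mail. The mynetworks value, the local-domain set, the client addresses and the alice/bob mailboxes are constructed assumptions; address extensions and the elided "..." rest of the list are not modelled.

```python
import ipaddress

# Table rows as posted in the thread (sender_checks_my).
SENDER_CHECKS = {
    "1.2.3.4/24": "OK",
    "sth.mydomain.tld": "554 Please enable SMTP AUTH",
}
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]   # constructed value
LOCAL_DOMAINS = {"sth.mydomain.tld"}                  # assumed local domain


def sender_lookup_keys(mail_from):
    """Keys tried for a MAIL FROM address: address, domain, parents, localpart@."""
    local, _, domain = mail_from.lower().rpartition("@")
    labels = domain.split(".")
    parents = [".".join(labels[i:]) for i in range(len(labels))]
    return [f"{local}@{domain}"] + parents + [f"{local}@"]


def check_sender_access(mail_from, table=SENDER_CHECKS):
    """Return the action of the first matching key, or None (no decision)."""
    for key in sender_lookup_keys(mail_from):
        if key in table:
            return table[key]
    return None


def recipient_restrictions(client_ip, sasl_user, mail_from, rcpt_to):
    """Evaluate the posted restriction list in order; the first decision wins."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS):
        return "permit (permit_mynetworks)"
    if sasl_user:
        return "permit (permit_sasl_authenticated)"
    if rcpt_to.rpartition("@")[2].lower() not in LOCAL_DOMAINS:
        return "reject (reject_unauth_destination)"
    action = check_sender_access(mail_from)
    if action and action != "OK":
        return f"reject ({action})"
    return "permit (end of list)"   # the "..." in the posted list is not modelled


if __name__ == "__main__":
    # Constructed sessions: an outside forwarder, then the host named in the table.
    for ip in ("198.51.100.7", "1.2.3.4"):
        print(ip, recipient_restrictions(
            ip, None, "alice@sth.mydomain.tld", "bob@sth.mydomain.tld"))
```

Both constructed sessions end in the 554 action: the sender's domain is the only row whose key is ever looked up, so the `1.2.3.4/24` row has no effect on the outcome.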
