Nicolas Lopez wrote:
Hello,
I would like to know how I can enforce SENDERCHECK in STRICT mode only after the
SMTP session has been authenticated.
What I would like to achieve is to only allow the user to send email from his
own domain and to not let him spoof other addresses/domains.
Is this possible? How?
Thanks a lot,
Nicolas.
Have you checked the qmail-ldap documentation?
--------------------------------------------------------------------
SENDERCHECK
Check if the sender (envelope "mail from:") of a message really exists (in the
ldap directory). If not give a 550 reject right now.
Default: off
Affects: qmail-smtpd
Example: "" or "LOOSE" or "STRICT"
Note: Only applies to senders whose domain is listed in ~control/locals.
Everything else is assumed to be an external message with a foreign
sender coming in, so no check applied. This is normal mode.
Setting to "LOOSE" will allow only senders which are listed either in
~control/locals or ~control/rcpthosts. Setting to "STRICT" will only
allow senders which are listed in ~control/locals. With this you can
enforce for example that people from certain ip ranges can only send
if they have a valid existing email address with you.
Addresses or domains listed in ~control/goodmailaddr are unconditionally
allowed in all cases.
-------------------------------------------------------------------
Add <export SENDERCHECK="STRICT"> to the qmail-smtpd run script and add only your
domain entry to ~/control/locals. Whenever a sender sends mail through your domain,
qmail-ldap checks its entry against LDAP. If qmail-ldap finds the sender's mail
entry in LDAP, it will allow the sender to send the mail through your domain.
With Cheers,
Hardik Dalwadi.
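
A quick way to verify the two changes described in the reply above, as an added example that is not part of the original thread or of qmail-ldap: it checks that a run script exports SENDERCHECK="STRICT" and that the locals file lists only the expected domain. The file paths, the `example.org` placeholder domain and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audits the two settings named in the reply. File paths and
# the domain are caller-supplied assumptions; this is not qmail-ldap code.

# Print the value of the last uncommented SENDERCHECK assignment in a run
# script (empty output if there is none).
sendercheck_mode() {
    sed -E -n 's/^[[:space:]]*(export[[:space:]]+)?SENDERCHECK=//p' "$1" |
        tail -n 1 |
        sed -E -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
               -e 's/^"(.*)"$/\1/' -e "s/^'(.*)'\$/\1/"
}

# Print the entries of a locals file, lower-cased, without blank lines,
# '#' lines or trailing whitespace.
locals_entries() {
    tr 'A-Z' 'a-z' < "$1" | sed -e 's/[[:space:]]*$//' -e '/^$/d' -e '/^#/d'
}

# Return 0 only if SENDERCHECK is STRICT and locals holds exactly the
# expected domain; otherwise print each finding and return 1.
audit_sendercheck() {
    run_file=$1 locals_file=$2 rc=0
    want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    mode=$(sendercheck_mode "$run_file")
    if [ "$mode" != "STRICT" ]; then
        echo "FAIL: SENDERCHECK='$mode' in $run_file (expected STRICT)"; rc=1
    fi
    if ! locals_entries "$locals_file" | grep -q -x -F -- "$want"; then
        echo "FAIL: $want is not listed in $locals_file"; rc=1
    fi
    extra=$(locals_entries "$locals_file" | grep -v -x -F -- "$want" || true)
    if [ -n "$extra" ]; then
        echo "FAIL: other entries in $locals_file: $(echo $extra)"; rc=1
    fi
    return "$rc"
}

# Constructed sample files (example.org is a placeholder domain).
demo=$(mktemp -d)
printf '%s\n' '#!/bin/sh' 'export SENDERCHECK="STRICT"' > "$demo/run"
printf '%s\n' 'example.org' 'legacy.example' > "$demo/locals"
audit_sendercheck "$demo/run" "$demo/locals" example.org || true
rm -rf "$demo"
```

Call `audit_sendercheck` with the real run script path, the real locals path and your own domain; a non-zero return means at least one of the two settings differs from what the reply describes.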