You're right!. I thought that SENDERCHECK was not enforced after authentication. Thanks.
Mensaje citado por Hardik Dalwadi <[EMAIL PROTECTED]>: > Nicolas Lopez wrote: > > Hello, > > I would like to know how can I enforce SENDERCHECK in STRICT mode only > after the > > smtp session has been authenticated. > > What I would like to achieve is to only allow the user to send email from > his > > own domain and to not let him spoof other addresses/domains. > > Is this possible? How? > > Thanks a lot, > > > > Nicolas. > > > > > > > Have check the doc. of qmail-ldap? > -------------------------------------------------------------------- > SENDERCHECK > > Check if the sender (envelope "mail from:") of a message really exists (in > the > ldap directory). If not give a 550 reject right now. > Default: off > Affects: qmail-smtpd > Example: "" or "LOOSE" or "STRICT" > Note: Only applies to senders whose domain is listed in ~control/locals. > Everything else is assumed to be an external message with a foreign > sender coming in, so no check applied. This is normal mode. > Setting to "LOOSE" will allow only senders which are listed either > in > ~control/locals or ~control/rcpthosts. Setting to "STRICT" will only > allow senders which are listed in ~control/locals. With this you can > enforce for example that people from certain ip ranges can only send > if they have a valid existing email address with you. > Addresses or domains listed in ~control/goodmailaddr are > unconditionally > allowed in all cases. > ------------------------------------------------------------------- > > Add <export SENDERCHECK="STRICT"> in qmail-smtpd run scriptand add only your > domain entry > in ~/control/locals. So when ever sender sends mail through your domain > qmail-ldap check it's entry against > LDAP. If qmail-ldap found sender's mail entry in ldap then it will allow > sender to send the mail > through your domain. > > With Cheers, > Hardik Dalwadi. >
