Hmmm, I just tested it, and even when it works (SENDERCHECK=STRICT) all incoming external emails are verified and rejected. This is the reason why I want to set SENDERCHECK=STRICT ONLY after the user has been authenticated.
The problem with setting SENDERCHECK=LOOSE is that after the user has been authenticated the "mail from:" can be spoofed. So, if I get it right, what I need to do is to set SENDERCHECK=LOOSE for every smtp session and change it to STRICT when the user has been authenticated, but I don't know how to do this. Anyone?

Quoting Nicolas Lopez <[EMAIL PROTECTED]>:

> You're right! I thought that SENDERCHECK was not enforced after
> authentication.
> Thanks.
>
> Quoting Hardik Dalwadi <[EMAIL PROTECTED]>:
>
> > Nicolas Lopez wrote:
> > > Hello,
> > > I would like to know how I can enforce SENDERCHECK in STRICT mode only
> > > after the smtp session has been authenticated.
> > > What I would like to achieve is to only allow the user to send email
> > > from his own domain and to not let him spoof other addresses/domains.
> > > Is this possible? How?
> > > Thanks a lot,
> > >
> > > Nicolas.
> >
> > Have you checked the doc. of qmail-ldap?
> > --------------------------------------------------------------------
> > SENDERCHECK
> >
> > Check if the sender (envelope "mail from:") of a message really exists
> > (in the ldap directory). If not give a 550 reject right now.
> > Default: off
> > Affects: qmail-smtpd
> > Example: "" or "LOOSE" or "STRICT"
> > Note: Only applies to senders whose domain is listed in ~control/locals.
> >       Everything else is assumed to be an external message with a foreign
> >       sender coming in, so no check applied. This is normal mode.
> >       Setting to "LOOSE" will allow only senders which are listed either
> >       in ~control/locals or ~control/rcpthosts. Setting to "STRICT" will
> >       only allow senders which are listed in ~control/locals. With this
> >       you can enforce for example that people from certain ip ranges can
> >       only send if they have a valid existing email address with you.
> >       Addresses or domains listed in ~control/goodmailaddr are
> >       unconditionally allowed in all cases.
> > -------------------------------------------------------------------
> >
> > Add <export SENDERCHECK="STRICT"> in the qmail-smtpd run script and add
> > only your domain entry in ~/control/locals. So whenever a sender sends
> > mail through your domain, qmail-ldap checks its entry against LDAP. If
> > qmail-ldap finds the sender's mail entry in LDAP then it will allow the
> > sender to send the mail through your domain.
> >
> > With Cheers,
> > Hardik Dalwadi.
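
Added example (not part of the original thread and not qmail-ldap code): a small Python model of the SENDERCHECK rules as the quoted documentation words them, showing why STRICT on the listener that also receives inbound mail rejects every foreign sender. The domains, addresses and the set standing in for the LDAP lookup are constructed, and applying the LDAP existence test to local-domain senders in every mode is an assumption.

```python
# Model of the SENDERCHECK rules as worded in the quoted qmail-ldap doc.
# This is a reading of that text, not qmail-ldap's implementation.
# All domains and addresses below are constructed sample data.

LOCALS = {"example.org"}                          # ~control/locals
RCPTHOSTS = {"example.org", "partner.example"}    # ~control/rcpthosts
GOODMAILADDR = {"alerts@vendor.example"}          # ~control/goodmailaddr
LDAP_USERS = {"nicolas@example.org"}              # stand-in for the LDAP lookup

MODES = (None, "", "LOOSE", "STRICT")             # None = variable unset (off)


def sender_check(mode, mail_from):
    """Return (accepted, reason) for an envelope "mail from:" address."""
    if mode not in MODES:
        raise ValueError("unknown SENDERCHECK value: %r" % (mode,))
    addr = mail_from.strip().lower()
    domain = addr.rpartition("@")[2]
    if mode is None:
        return True, "SENDERCHECK off"
    # goodmailaddr entries (address or whole domain) bypass every mode.
    if addr in GOODMAILADDR or domain in GOODMAILADDR:
        return True, "listed in goodmailaddr"
    if domain in LOCALS:
        # Assumption: the LDAP existence test applies to local domains
        # in normal, LOOSE and STRICT mode alike.
        if addr in LDAP_USERS:
            return True, "local sender found in LDAP"
        return False, "550 local sender not in LDAP"
    if mode == "":
        return True, "foreign sender, no check in normal mode"
    if mode == "LOOSE" and domain in RCPTHOSTS:
        return True, "domain in rcpthosts"
    return False, "550 sender domain not allowed in %s mode" % mode


if __name__ == "__main__":
    senders = ["nicolas@example.org", "ghost@example.org",
               "bob@partner.example", "someone@outside.example",
               "alerts@vendor.example"]
    for mode in ("", "LOOSE", "STRICT"):
        for s in senders:
            ok, why = sender_check(mode, s)
            print("%-7r %-26s %-6s %s" % (mode, s, "accept" if ok else "reject", why))
```

In this model the foreign sender is accepted only in normal mode, which matches the rejection of incoming external mail reported at the top of the thread once STRICT is set on the same qmail-smtpd that handles inbound delivery.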
