From: Hamish Marson (no email)
Date: Wed Jan 02 2002 - 06:40:58 EST
Wietse Venema wrote:
> Administrator [Ilustración 10]:
> > smtpd_recipient_restrictions = ...
> > check_sender_access hash:/etc/postfix/sender_access,
> > check_sender_access hash:/etc/postfix/sender_restrictions,
> > ...
>
> If you use check_sender_access in this way then you make yourself
> an open relay for anyone who can guess a sender address.
>
True.
Use the smtpd_restriction_classes instead, and trigger a sequence of
checks based on the client itself. So that you only check the sender for
YOUR valid sending hosts, and don't accept valid sending addresses from
other servers.
e.g.
smtpd_restriction_classes = check_sender_valid check_spoof_internal
invalid_sender
check_sender_valid = check_sender_access
dbm:/etc/postfix/allowed_users.send
invalid_sender = check_sender_access regexp:/etc/postfix/unauth_users
check_spoof_internal = check_client_access dbm:/etc/postfix/valid_relays
smtpd_sender_restrictions =
check_client_access dbm:/etc/postfix/local_sender_restrictions,
permit
--
I don't suffer from Insanity... | Linux User #237369
I enjoy every minute of it... |
|
http://www.travellingkiwi.com/ |
-
To unsubscribe, send mail to with content
(not subject): unsubscribe postfix-users
|
|
|