|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Allowing only valid (deliverable) sender address for outgoing mail
Subject: Re: Allowing only valid (deliverable) sender address for outgoing mail
From: Wietse Venema (wietse
porcupine.org)
Date: Mon Jan 10 2000 - 12:22:42 CST
- Next message: Marco d'Itri: "Re: Design for Multi-Server Multi-Domain System"
- Previous message: Wietse Venema: "Re: fallback_relay vs. transport"
- In reply to: Mark Martinec: "Allowing only valid (deliverable) sender address for outgoing mail"
- Reply: Wietse Venema: "Re: Allowing only valid (deliverable) sender address for outgoing mail"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
What about an access map like this:
joemy.domain OK
janehost.my.domain OK
joe.blowfoo.my.domain OK
my.domain 550 Address unknown
Translation: if a specific userdomain entry is found, assume it
is OK. Otherwise, the less specific "my.domain" entry rejects the
address (it also matches subdomains and hosts). If the address is
not in the local domain, there is no matching entry in the table.
With outbound mail, you could consider to let it pass. With inbound
mail you'd want to reject it as an unauthorized relay attempt.
However, SMTPD access maps have no support for +foo address
extensions. I suppose I never got around to that.
Wietse
Mark Martinec:
> I need an advice on how to tighten up Postfix on the main mail gateway
> so that it would only allow outgoing mail sent with a valid (deliverable)
> 'From:' address, which is of the form Name.Surnamedomain
> (the problem arises when mail is forwarded by internal hosts - see below).
>
> Our internal hosts generate the sender address either of the form
> usernamehost.domain (workstations) or as Name.Surnamedomain (PCs).
> The first form is translated by sender_canonical_maps on the gateway
> to external form (Name.Surnamedomain). The second form is assumed
> to already be in the correct external form. [Btw, the 'username' part
> is host specific for historical reasons - i.e. there may be another user
> on a different internal workstation with the same username.]
>
> I tried to provide a list (a map) of all valid internal as well as
> all external canonical e-mail addresses to limit the sender address
> for the outgoing mail (recognized as outgoing when originating
> from mynetworks). This worked fine with one exception:
>
> The problem is when a user on an internal host creates a forwarding
> address on his mailer to resend the mail he receives to some foreign host
> (if forwarding is done by central mail gateway all is fine).
> In this case the forwarded mail is (re-)originating from the
> internal host, yet the sender address is foreign. My mail gateway
> should allow this outgoing mail, but I don't know how to
> describe/pinpoint this type of resent messages to Postfix.
>
> Regards
> Mark
>
> --
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !! Mark Martinec (system manager) tel +386 61 177-3575 !!
> !! J. Stefan Institute, Jamova 39 fax +386 61 219-385 !!
> !! SI-1000 Ljubljana, Slovenia mark.martinecnsc.ijs.si !!
> !!!!!!!!!!!!!!!!!!!!!!!!!! http://www.ijs.si/people/mark/ !!!!
>
>
>
- Next message: Marco d'Itri: "Re: Design for Multi-Server Multi-Domain System"
- Previous message: Wietse Venema: "Re: fallback_relay vs. transport"
- In reply to: Mark Martinec: "Allowing only valid (deliverable) sender address for outgoing mail"
- Reply: Wietse Venema: "Re: Allowing only valid (deliverable) sender address for outgoing mail"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Mon Jan 10 2000 - 12:24:31 CST