From: Radha V (radha_vsifycorp.com)
Date: Fri Jan 02 2004 - 06:05:46 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi
 Not all clients using our postfix relay servers support authenticated
SMTP. There are a lot of clients who are using older versions of Lotus
notes etc(which does not support authentication) from which they connect
to our postfix relay servers to send out mails. If we put authenticated
SMTP then we will have to force all the clients to support it which is
not feasible in our case.

Any other suggestions to correlate IP with the Domain?

On Fri, 2004-01-02 at 15:47, Tony Earnshaw wrote:
> fre, 02.01.2004 kl. 08.01 skrev Radha V:
>
> > The client IPs (trusted IPs) which are specified in mynetworks should
> > not
> > be allowed to send mail with FROM address other than the domains
> > specified in relaydomains file. This restriction should apply only for
> > the
> > IPs in mynetworks. That is
> >
> > If a mail from yahoo/hotmail to any domain in the relaydomains file,then
> > it should go through.
>
> [...]
>
> > Plz suggest ways to implement this kind of restriction.
>
> Definitely. I don't trust my users further than I can spit. Using
> Postfix November snapshot I use the following policy:
>
> 1: All smtp-authenticated users may relay from anywhere on $mynetworks
> or the Internet;
> 2: No non smtp-authenticated user may relay;
> 3: smtp-authenticated users may not change their e-mail address (realm)
> once authenticated. Exceptions are made for groups to which those users
> belong (i.e. tonyemydomain.tld is member of the Posix group
> supportmydomain.tld, so he may use support's address to mail with).
>
> So, my suggestion would be smtp AUTH. Lets through all Internet mail
> unhindered, whilst it prevents internal spammers and pranksters.
>
> --Tonni
--
Rgds,
 Radha.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]