Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Magnus Bäck (magnusdsek.lth.se)
Date: Mon Jul 23 2007 - 17:09:39 CDT
On Monday, July 23, 2007 at 23:59 CEST,
Dave McGuire <mcguireneurotica.com> wrote:
> On Jul 23, 2007, at 5:26 PM, Magnus Bäck wrote:
> > Sure. A suitably placed permit_mynetworks can probably solve it,
> > but that depends on your exact configuration.
> Thank you for responding so quickly! I've set up sender address
> verification in the standard way:
> smtpd_sender_restrictions = hash:/etc/postfix/sender_access,
> ...with "<domainname> reject_unverified_sender" lines in /etc/
> postfix/sender_access. I've thought about this a bit more...if my
> understanding is correct, it should be enough to simply add "<sender
> address> OK" lines to the sender_access file. Does that sound like
> a reasonable approach?
Yes, but less reasonable than using a correct sender address in the
first place. I don't understand why you have SAV enabled for your own
domain in the first place. SAV is typically used on foreign domains.
> > The clean solution is of course to use proper sender addresses or,
> > if no bounces are desired at all, to use the null sender address (<>).
> I'd like to not have the sending machine (a webserver in this case)
> answer on port 25, which would seem to be a requirement for the use
> of proper (verifiable) sender addresses.
Not at all. You can specify any sender address you want. That's
completely up to the sending application, and if you can't teach the
application to use a sane address you could use generic rewriting
on the webserver Postfix to rewrite the bad address into a good one.