From: Dave McGuire (mcguireneurotica.com)
Date: Tue Jul 24 2007 - 02:18:53 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Jul 23, 2007, at 6:09 PM, Magnus Bäck wrote:
>> Thank you for responding so quickly! I've set up sender address
>> verification in the standard way:
>>
>> smtpd_sender_restrictions = hash:/etc/postfix/sender_access,
>> reject_unknown_sender_domain
>>
>> ...with "<domainname> reject_unverified_sender" lines in /etc/
>> postfix/sender_access. I've thought about this a bit more...if my
>> understanding is correct, it should be enough to simply add "<sender
>> address> OK" lines to the sender_access file. Does that sound like
>> a reasonable approach?
>
> Yes, but less reasonable than using a correct sender address in the
> first place. I don't understand why you have SAV enabled for your own
> domain in the first place. SAV is typically used on foreign domains.

   If this is true, then someone might want to change:

   http://www.postfix.org/ADDRESS_VERIFICATION_README.html

   ...where it clearly states:
  "NOTE: One of the first things you might want to do is to turn on
sender address verification for all your own domains."

>> I'd like to not have the sending machine (a webserver in this
>> case)
>> answer on port 25, which would seem to be a requirement for the use
>> of proper (verifiable) sender addresses.
>
> Not at all. You can specify any sender address you want. That's
> completely up to the sending application, and if you can't teach the
> application to use a sane address you could use generic rewriting
> on the webserver Postfix to rewrite the bad address into a good one.

   Of course. The address, however, isn't "bad"...it's just one that
cannot (and should not) *receive* messages. This is nothing new.

             -Dave

--
Dave McGuire
Port Charlotte, FL

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]