prevent open relay

From: Charles Account (cwo1962hotmail.com)
Date: Wed Mar 12 2008 - 15:10:27 CDT


I am trying to understand how to configure Postfix
to send mail from mynetworks where I can send
either to local users or outbound mail.
I would like to have additional security by enforcing
the sender to be known. All my users are stored in LDAP.
I've been playing with smtpd_sender_restrictions and
check_sender_access but I haven't been able to restrict
the mail from author to a known user. I don't know
what the LDAP query should be, so I used the LDAP
mailbox map query/result as a test. How can I
configure this service to restrict to only allowing
known senders?

Here is postconf -n output:

alias_maps = hash:/etc/aliases
allow_mail_to_commands =
allow_mail_to_files =
command_directory = /opt/zimbra/postfix-2.5.1/sbin
config_directory = /opt/zimbra/postfix-2.5.1/conf
daemon_directory = /opt/zimbra/postfix-2.5.1/libexec
data_directory = /opt/zimbra/postfix-2.5.1/data
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
mail_owner = postfix
mailq_path = /opt/zimbra/postfix-2.5.1/sbin/mailq
manpage_directory = /opt/zimbra/postfix-2.5.1/man
mydestination = localhost myserver.com myserver
mynetworks =,
newaliases_path = /opt/zimbra/postfix-2.5.1/sbin/newaliases
queue_directory = /opt/zimbra/postfix-2.5.1/spool
readme_directory = no
sample_directory = /opt/zimbra/postfix-2.5.1/conf
sender_canonical_maps = ldap:/opt/zimbra/conf/ldap-scm.cf
sendmail_path = /opt/zimbra/postfix-2.5.1/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = reject_unauth_pipelining
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = no
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_non_fqdn_hostname, reject_invalid_hostname, reject_unknown_hostname
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination, permit
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_address, permit_mynetworks, check_sender_access ldap:/opt/zimbra/conf/ldap-vmm.cf
transport_maps = ldap:/opt/zimbra/conf/ldap-transport.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains = ldap:/opt/zimbra/conf/ldap-vad.cf
virtual_alias_maps = ldap:/opt/zimbra/conf/ldap-vam.cf
virtual_mailbox_domains = ldap:/opt/zimbra/conf/ldap-vmd.cf
virtual_mailbox_maps = ldap:/opt/zimbra/conf/ldap-vmm.cf
virtual_transport = error
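
Added example, not part of the original post and not Zimbra's shipped configuration: Postfix stops evaluating a restriction list at the first restriction that returns a decision, so in the posted smtpd_sender_restrictions the permit_mynetworks entry accepts clients in mynetworks before check_sender_access is consulted, and a mailbox map returns mailbox data rather than an access(5) action such as OK or REJECT. The sketch below puts the lookup first and ends the list with an explicit reject. The file name ldap-known-senders.cf, the LDAP host, search base, object class and attribute names are assumptions to adapt to the local directory.

```ini
# main.cf, before (as posted): permit_mynetworks ends the list for clients
# in mynetworks, so the LDAP sender lookup never runs for them.
#smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_address,
#    permit_mynetworks, check_sender_access ldap:/opt/zimbra/conf/ldap-vmm.cf

# main.cf, after: look the sender up first, then reject whatever was not
# explicitly allowed by the lookup (a miss returns DUNNO and falls through).
smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_address,
    check_sender_access ldap:/opt/zimbra/conf/ldap-known-senders.cf,
    reject

# /opt/zimbra/conf/ldap-known-senders.cf (hypothetical file, assumed schema)
# The key %s is the MAIL FROM address; a match returns the literal action OK.
server_host = ldap://ldap.example.com
search_base = dc=example,dc=com
query_filter = (&(objectClass=inetOrgPerson)(mail=%s))
# Use a single-valued attribute so exactly one "OK" is returned per match.
result_attribute = uid
result_format = OK
```

The trailing reject applies to every client that reaches this listener, including the empty bounce sender, so it fits a service that only accepts submissions from mynetworks. The map can be checked before reloading with `postmap -q user@example.com ldap:/opt/zimbra/conf/ldap-known-senders.cf`, which should print OK for a known address and nothing for an unknown one.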

