From: D. Karapiperis (dimkar
thessaloniki.gr)
Date: Wed Dec 31 2008 - 02:54:16 CST
mouss wrote:
> D. Karapiperis wrote:
>
>> Wietse Venema wrote:
>>
>>> Since he asked for a "nice" way to specify this in Postfix, a "nice"
>>> implementation of this would look like this:
>>>
>>> /etc/postfix/main.cf:
>>> smtpd_sender_restrictions = permit_mydomain, reject_mynetworks
>>>
>>> Where the details are hidden by restriction classes:
>>>
>>> /etc/postfix/main.cf:
>>> restriction_classes = permit_mydomain, reject_mynetworks
>>> permit_mydomain = check_sender_access hash:/etc/postfix/sender_access
>>> reject_mynetworks = check_client_access cidr:/etc/postfix/client_access.cidr
>>>
>>> hash:/etc/postfix/sender_access
>>> example.com permit
>>>
>>> /etc/postfix/client_access.cidr
>>> 192.168.0.0/24 reject must send mail as user@example.com
>>>
>>> Note that moving this into smtpd_recipient_restrictions would
>>> make this an open relay, as anyone can claim to have a sender
>>> address in your domain.
>>>
>>> Wietse
>>>
>>>
>> Many thanks for your replies, you really help a lot.
>>
>> I cannot understand why, if we move the statement to
>> smtpd_recipient_restrictions, we will end up with an open relay.
>> Again, check_sender_access will examine the MAIL FROM, right?
>> And the client access the IP, right?
>>
>>
>
> permit_mydomain returns a "permit", so the message is accepted and no
> further checks are done. In particular, reject_unauth_destination is
> skipped.
>
> In short, if a spammer forges the sender and sends as joe@example.com,
> the message is accepted even if it goes to an external domain, and this
> is an open relay.
>
>
>
Will an open relay not take place if the checks are included in
smtpd_sender_restrictions?
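
The difference between the two placements comes from how Postfix evaluates restriction lists: the first PERMIT or REJECT ends only the list it occurs in, and the other lists are still evaluated. The Python model below is an added example, not code from this thread or from Postfix; it assumes a recipient list of `permit_mynetworks, reject_unauth_destination`, treats only example.com as a local destination, and uses constructed sessions.

```python
# Simplified model of how Postfix smtpd evaluates restriction lists (added example).
import ipaddress

MYDOMAIN = "example.com"                          # domain used in the thread
LAN = ipaddress.ip_network("192.168.0.0/24")      # network used in the thread

def dom(addr): return addr.rsplit("@", 1)[-1].lower()
def in_lan(s): return ipaddress.ip_address(s["client"]) in LAN

# Each restriction returns PERMIT, REJECT or DUNNO (no opinion).
def permit_mydomain(s):            # sender_access: "example.com permit"
    return "PERMIT" if dom(s["sender"]) == MYDOMAIN else "DUNNO"
def reject_mynetworks(s):          # client_access.cidr: "192.168.0.0/24 reject ..."
    return "REJECT" if in_lan(s) else "DUNNO"
def permit_mynetworks(s):
    return "PERMIT" if in_lan(s) else "DUNNO"
def reject_unauth_destination(s):  # assumption: only MYDOMAIN is a local destination
    return "DUNNO" if dom(s["rcpt"]) == MYDOMAIN else "REJECT"

def run_list(restrictions, s):
    """The first PERMIT or REJECT ends this list; later entries are skipped."""
    for check in restrictions:
        result = check(s)
        if result != "DUNNO":
            return result
    return "DUNNO"

def decide(sender_list, recipient_list, s):
    """A REJECT in any list refuses the mail; a PERMIT only ends its own list."""
    for restrictions in (sender_list, recipient_list):
        if run_list(restrictions, s) == "REJECT":
            return "REJECT"
    return "ACCEPT"

RELAY_CONTROL = [permit_mynetworks, reject_unauth_destination]   # assumed recipient list
AS_POSTED = ([permit_mydomain, reject_mynetworks], RELAY_CONTROL)
MOVED = ([], [permit_mydomain, reject_mynetworks] + RELAY_CONTROL)

# Constructed sessions for illustration.
FORGED = {"client": "203.0.113.7", "sender": "joe@example.com", "rcpt": "a@example.net"}
LAN_BAD = {"client": "192.168.0.10", "sender": "x@example.org", "rcpt": "a@example.net"}
LAN_OK = {"client": "192.168.0.10", "sender": "user@example.com", "rcpt": "a@example.net"}

if __name__ == "__main__":
    for name, cfg in (("sender_restrictions", AS_POSTED), ("recipient_restrictions", MOVED)):
        for label, s in (("forged", FORGED), ("lan_bad", LAN_BAD), ("lan_ok", LAN_OK)):
            print(f"{name:22} {label:8} {decide(*cfg, s)}")
```

With the checks in smtpd_sender_restrictions, the forged external session gets a PERMIT in the sender list but is still refused by reject_unauth_destination in the recipient list; with the checks moved ahead of it in the recipient list, the same session is accepted for an external recipient.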