Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Noel Jones (njonesmegan.vbhcs.org)
Date: Sat Aug 21 2010 - 11:07:06 CDT
On 8/21/2010 12:18 AM, Jerrale G wrote:
> I don't think you get it. I'm concerned that, if they don't
> authenticate with postfix - the purpose of popb4smtp, their
> sender authenticated header will not be in the message header
> for postfix to reject a bogus sender address. If it did, I
> wouldn't be asking the question.
> As said, the only way I can think of having postfix to
> validate the sender address is by a global general check
> allowing anyone to use any email address, as outgoing, that is
> hosted with postfix. Meaning, if you are
> foosheltoncomputers.com, you would be able to send mail with
> the sender address barsheltoncomputers.com as long as it
> exists as an email address or alias on our systems but at
> least you wouldn't be able to do a bogus sender address of
> nonexistentaddressnonexistentdomain.com; it wouldn't be hard
> to trace who sent spam
> I'm asking for an alternative way than this, if sender
> authenticated header doesn't work.
> Thank you
> Jerrale G
> S C
The alternative you are looking for is SMTP AUTH. That's the
standard authentication method supported by postfix and
virtually all mail clients.
pop-before-smtp is a hack and will never be considered a
standard authentication method and will never be directly
supported in postfix.
You could write a policy service that validates the sender
address when using pop-before-smtp, but your time would be
better spent implementing SMTP AUTH.
-- Noel Jones