
preventing mail spoofing from internal net


Jens Bruckmann

Oct 10, 2001, 4:28:35 AM
Hi folks,

I'd like to know if there is any possibility to prevent mail-spoofing from
the INTERNAL, trusted network by using the smtpd_*_restrictions?

We have the upcoming situation, when you connect to the mail-host from the
internal network it responds with the following:

220 mailhost ESMTP Postfix on Nintendo Gameboy Color (ZX81)
helo du
250 mailhost
mail from: b...@internal.com
250 Ok
rcpt to: som...@outside.com
250 Ok

.....

The goal is to teach postfix that it has to deny the relaying for the domain
internal.com because it does not belong to our domains given in
$mydestination.

If you have any idea, I would be very pleased to hear it..... :-)


Thank you,

Jens



Erwan David

Oct 10, 2001, 4:47:24 AM
On Wed 10/10/2001, Jens Bruckmann said

> Hi folks,
>
> I'd like to know if there is any possibility to prevent mail-spoofing from
> the INTERNAL, trusted network by using the smtpd_*_restrictions?
>
> We have the upcoming situation, when you connect to the mail-host from the
> internal network it responds with the following:
>
> 220 mailhost ESMTP Postfix on Nintendo Gameboy Color (ZX81)
> helo du
> 250 mailhost
> mail from: b...@internal.com
> 250 Ok
> rcpt to: som...@outside.com
> 250 Ok
>
> .....
>
> The goal is to teach postfix that it has to deny the relaying for the domain
> internal.com because it does not belong to our domains given in
> $mydestination.
>
> If you have any idea, I would be very pleased to hear it..... :-)

I have no idea how to do it, but I know why I would not want to be one
of your users. You deny them the possibility to forward mails by doing
this or to send mail with a different from.
Bad...

--
Erwan David
==========================================================
Trusted Logic Tel: +33 1 30 97 25 03
5 rue du Bailliage Std: +33 1 30 97 25 00
78000 Versailles Fax: +33 1 30 97 25 19
France

Sven Michels

Oct 10, 2001, 4:52:46 AM
Jens Bruckmann wrote:

> The goal is to teach postfix that it has to deny the relaying for the domain
> internal.com because it does not belong to our domains given in
> $mydestination.
>
> If you have any idea, I would be very pleased to hear it..... :-)

main.cf:

smtpd_restriction_classes = mail_from_internal
mail_from_internal = check_sender_access hash:/etc/postfix/mail_from_internal,
        reject
smtpd_recipient_restrictions = ...
        check_client_access hash:/etc/postfix/client_access_internal,
        permit_mynetworks,
        ...

in client_access_internal:

yoursubnet      mail_from_internal

replace yoursubnet by 192.168.0 if you use 192.168.0.0/24 ...

and in /etc/postfix/mail_from_internal:

yourdomain.com  OK

that should do what you want..


--
intraDAT AG http://www.intradat.com
Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0
D - 60329 Frankfurt am Main Fax: +49 69-25629-256
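
Added example (not part of the original thread and not Postfix code): a simplified Python model of the lookups the configuration in the message above relies on, showing which senders an internal client may use and that an empty bounce sender from the internal subnet is rejected too. The tables mirror the message's placeholders, the sample addresses are constructed, and subdomain matching assumes smtpd_access_maps is listed in parent_domain_matches_subdomains.

```python
# Simplified model of the access(5) lookups behind the restriction class.
# Not Postfix code; tables mirror the thread's placeholders.
CLIENT_ACCESS = {"192.168.0": "mail_from_internal"}   # client_access_internal
MAIL_FROM_INTERNAL = {"yourdomain.com": "OK"}         # mail_from_internal

def client_keys(ip):
    # Full IPv4 address first, then prefixes with trailing octets stripped.
    octets = ip.split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]

def sender_keys(sender):
    # user@domain, then the domain and its parent domains (assumption: parent
    # domains match subdomains for access maps). Empty sender is keyed "<>".
    if sender == "":
        return ["<>"]
    sender = sender.lower()
    labels = sender.rpartition("@")[2].split(".")
    return [sender] + [".".join(labels[i:]) for i in range(len(labels) - 1)]

def lookup(table, keys):
    # First matching key wins, as in an ordered series of map queries.
    for key in keys:
        if key in table:
            return table[key]
    return None

def decide(client_ip, sender):
    # Clients outside the listed subnet fall through to later restrictions.
    if lookup(CLIENT_ACCESS, client_keys(client_ip)) != "mail_from_internal":
        return "DUNNO"
    # Restriction class: check_sender_access first, then the final "reject".
    if lookup(MAIL_FROM_INTERNAL, sender_keys(sender)) == "OK":
        return "OK"
    return "REJECT"

SAMPLES = [  # constructed (client IP, envelope sender) pairs
    ("192.168.0.17", "alice@yourdomain.com"),
    ("192.168.0.17", "bob@internal.com"),
    ("192.168.0.17", "alice@sub.yourdomain.com"),
    ("192.168.0.17", ""),
    ("10.1.2.3", "bob@internal.com"),
]

if __name__ == "__main__":
    for ip, sender in SAMPLES:
        print(f"{ip:15} {sender or '<>':28} {decide(ip, sender)}")
```

To keep bounces from internal hosts working under this model, the sender table would also need an entry for the empty sender.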

Sven Michels

Oct 10, 2001, 4:55:50 AM
Erwan David wrote:

> I have no idea how to do it, but I know why I would not want to be one
> of your users. You deny them the possibility to forward mails by doing
> this or to send mail with a different from.
> Bad...

forwarding is ok, but you cannot 'resend' them. That's a problem
in some cases, yes. but if you're in a company, local policy can
say that you're not allowed to send private or non-company-related
mails ...

Ralf Hildebrandt

Oct 10, 2001, 7:19:27 AM
On Wed, Oct 10, 2001 at 10:26:16AM +0200, Jens Bruckmann wrote:
> Hi folks,
>
> I'd like to know if there is any possibility to prevent mail-spoofing from
> the INTERNAL, trusted network by using the smtpd_*_restrictions?

User restriction classes based on IP.

> The goal is to teach postfix that it has to deny the relaying for the domain
> internal.com because it does not belong to our domains given in
> $mydestination.

Postfix doesn't relay by default. If it does, you have misconfigured it.

--
Ralf Hildebrandt http://www.arschkrebs.de
Remember, all software sucks. Some sucks more, and some sucks less. But it
sucks regardless. If I want to see something elegant I go look for a piece
of art.
