[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SMTP Authentication for Local Domain in Postfix

Subject: SMTP Authentication for Local Domain in Postfix
From: sh.vahabzadeh at gmail.com (Shahab Vahabzadeh)
Date: Thu, 15 Aug 2013 15:15:15 +0430

Dear friends,
I have problem with my postfix configuration, I have enable SASL for
postfix and now authentication works well for my clients but right now
anyboy can send email from my local domain to local domain without
authentication and cause of that I have lots of attacks.
How can I force that if sender is my localdomain it must authenticate?!
Here is my postfix configuration:

main.cf:

smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
> broken_sasl_auth_clients = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_client_restrictions =
>     permit_mynetworks,
>     permit_sasl_authenticated,
>     reject_unauth_pipelining,
>     reject_rbl_client zen.spamhaus.org,
> smtpd_helo_restrictions =
>     permit_mynetworks,
>     #reject_non_fqdn_hostname,
>     reject_invalid_hostname
> smtpd_sender_restriction =
>     permit_mynetworks,
>     permit_sasl_authenticated,
>     check_sender_access hash:/etc/postfix/access_table
>     reject_unknown_sender_domain,
>     reject_non_fqdn_sender
> smtpd_recipient_restrictions =
>     permit_mynetworks,
>     permit_sasl_authenticated,
>     reject_invalid_hostname,
>     reject_unauth_pipelining,
>     reject_non_fqdn_sender,
>     reject_unknown_sender_domain,
>     reject_non_fqdn_recipient,
>     reject_unknown_recipient_domain,
>     reject_unverified_recipient,
>     reject_unauth_destination,
>     check_policy_service unix:private/policy-spf,
>     permit


master.cf:

smtp      inet  n       -       -       -       -       smtpd
>   -o content_filter=spamassassin
> submission inet n       -       -       -       -       smtpd
>   -o smtpd_tls_security_level=may
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>   -o milter_macro_daemon_name=ORIGINATING
>   -o content_filter=spamassassin
> smtps     inet  n       -       -       -       -       smtpd
>   -o smtpd_tls_wrappermode=yes
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>   -o milter_macro_daemon_name=ORIGINATING
> spamassassin
>           unix  -       n       n       -       -       pipe
>    user=nobody argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender}
> ${recipient}
> policy-spf  unix  -       n       n       -       -       spawn
>     user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl


access_table:

mydomain.com        REJECT You're not me!



Thanks

-- 
Regards,
Shahab Vahabzadeh, Network Engineer and System Administrator

Cell Phone: +1 (415) 871 0742
PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90

Follow-Ups:
- SMTP Authentication for Local Domain in Postfix
  - From: daniel.crompton at gmail.com (Daniël W. Crompton)

Prev by Date: How big is the Internet?
Next by Date: SMTP Authentication for Local Domain in Postfix
Previous by thread: CNN broadcasting online free? Hogging my bandwidth...
Next by thread: SMTP Authentication for Local Domain in Postfix
Index(es):
- Date
- Thread