My Domain

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

My Domain

Monah Baki-2
Hi all,

Where in postfix.conf can I say any, email coming from the outside  
with my domain in the "From" field, Reject.


Thank you

BSD Networking, Microsoft Notworking



Reply | Threaded
Open this post in threaded view
|

Re: My Domain

d.hill
On Fri, 20 Jun 2008, Monah Baki wrote:

> Hi all,
>
> Where in postfix.conf can I say any, email coming from the outside with my
> domain in the "From" field, Reject.

By default, there is no postfix.conf. There is main.cf and master.cf.

You should post the results of:

   %postconf -n

if you are to get any help with your question. Without knowing how you
have Postfix set up, it would be hard to determine what you should do.
Reply | Threaded
Open this post in threaded view
|

Re: My Domain

Monah Baki-2


On Jun 20, 2008, at 6:44 AM, Duane Hill wrote:

> On Fri, 20 Jun 2008, Monah Baki wrote:
>
>> Hi all,
>>
>> Where in postfix.conf can I say any, email coming from the outside  
>> with my domain in the "From" field, Reject.
>
>



command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
debug_peer_level = 2
html_directory = no
mailbox_size_limit = 500000000
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $mydomain, $myhostname
mydomain = vixaroy.com
myhostname = nebula.vixaroy.com
mynetworks = 127.0.0.0/8 192.168.3.0/24 67.100.188.203/32
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
readme_directory = no
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_discard_ehlo_keywords = pipelining, silent-discard
smtpd_recipient_restrictions = permit_mynetworks,  
reject_unauth_destination, check_sender_access hash:/usr/local/etc/
postfix/sender_access
unknown_local_recipient_reject_code = 550
virtual_alias_domains = vixaroy.com
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual


BSD Networking, Microsoft Notworking



Reply | Threaded
Open this post in threaded view
|

Re: My Domain

Wietse Venema
In reply to this post by Monah Baki-2
Monah Baki:
> Hi all,
>
> Where in postfix.conf can I say any, email coming from the outside  
> with my domain in the "From" field, Reject.

But then you would not have received your own posting to this
mailing list!

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: My Domain

Brian Evans - Postfix List
In reply to this post by Monah Baki-2
Monah Baki wrote:

>
>
> On Jun 20, 2008, at 6:44 AM, Duane Hill wrote:
>
>> On Fri, 20 Jun 2008, Monah Baki wrote:
>>
>>> Hi all,
>>>
>>> Where in postfix.conf can I say any, email coming from the outside
>>> with my domain in the "From" field, Reject.
>>
Why would you want to do this?
Header checks like this one would reject a lot of legitimate mail
including things sent through the sendmail command if no sender is used
among other things like Wietse pointed out.
>>
>
> mydestination = $mydomain, $myhostname
> mydomain = vixaroy.com
...
> virtual_alias_domains = vixaroy.com
As http://www.postfix.org/VIRTUAL_README.html says:  "NEVER list a
virtual alias domain name as a mydestination domain!"
Please choose one or the other.

Brian
Reply | Threaded
Open this post in threaded view
|

Re: My Domain

Jorey Bump
In reply to this post by Monah Baki-2
Monah Baki wrote, at 06/20/2008 06:30 AM:

> Where in postfix.conf can I say any, email coming from the outside with
> my domain in the "From" field, Reject.

Forget about the From: *header*, but you can check the envelope sender
(used in the SMTP MAIL FROM: command). In main.cf (no idea what
postfix.conf is) insert a check_sender_access map:

smtpd_recipient_restrictions =
     [...other directives...]
     permit_mynetworks
     permit_sasl_authenticated
     reject_unauth_destination
     check_sender_access hash:/etc/postfix/sender
     [...more directives...]

Assuming you control the following domains, /etc/postfix/sender would
look like this:

example.com   REJECT Sender domain is for authorized users only.
example.org   REJECT Sender domain is for authorized users only.
example.net   REJECT Sender domain is for authorized users only.

Remember to postmap the file and reload postfix.

If you look at the order of restrictions, you can see that only
authenticated users or machines in $mynetworks can bypass this
restriction. It's safe for mailing lists (it's enabled on the account
I'm using now). However, it may not be safe for all networks, depending
on the complexity of the domain's mail infrastructure. Only you can
tell. As for its effectiveness, these messages seem to come in waves, so
it's nice to have it around to kick in when you need it, if it's
appropriate for your site and its users.