Univention Bugzilla – Bug 44357
prevent spam with forged address from own email domain
Last modified: 2018-09-14 06:26:49 CEST
Mails with a FROM address of the own domain is accepted on all UCS mail servers. In the case where all mails are generated or submitted directly on the external mail server (groupware/webmail/email clients), it shouldn't accept emails from unauthenticated sources with a FROM address of the own domain. This would prevent spam with a forged email address to be accepted. Customer case: https://help.univention.com/t/probleme-mit-unauthorisierten-internen-mailversand-postfix-dovecot-sasl-auth/5464 This can probably implemented using reject_sender_login_mismatch and smtpd_sender_login_maps: * http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch * http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
(In reply to Daniel Tröder from comment #0) > This can probably implemented using reject_sender_login_mismatch and > smtpd_sender_login_maps: > * http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch > * http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps On port 25 authentication is not supported. So *_sender_login_{mismatch,maps} won't work. I think check_sender_access in smtpd_{sender,recipient}_restrictions may work: smtpd_sender_restrictions = permit_mynetworks, \ check_sender_access hash:/etc/postfix/sender_access ---[/etc/postfix/sender_access]--- mydomain.com REJECT ---[cut]---
also reported in forum: https://help.univention.com/t/kopano-smtp-offen-fur-alle-bei-internen-mails/8236
*** This bug has been marked as a duplicate of bug 40609 ***