JDavila@??? wrote:
> How can I prevent Sender Forgery for my server? A lot of people in my
> company are getting e-mails from themselves. Any ideas will be greatly
> appreciated.
>
Only allow local domains to be used on authenticated SMTP sessions on
the submission port. I've been doing this here for a long time with no
probs. Below is an excerpt of the relevant configuration stuff, stripped
down to the essentials for this problem.

This setup assumes that all messages originating from your domains are
sent out through your own servers and not any other ISP provider mail
relays! Otherwise you run into problems if one of your users sends out a
mail to a recipient within your local_domains, as the ISP smarthost
would then send a message to one of your users with a sender address out
of your local_domains.

But this should not be a problem if you run a submission port anyway;
simply instruct all users on how to connect to your mail server
regardless of their provider/location.

Oliver

# Port 25 and local submissions result in TRUE here
IS_MTA_PORT = or{ \
                {eq{$interface_port}{25}} \
                {eq{$interface_port}{-1}} \
              }

# Use different RCPT ACLs for MTA and MUA
acl_smtp_rcpt = ${if IS_MTA_PORT {acl_check_rcpt}{acl_check_rcpt_mua}}

acl_check_rcpt:
  # Deny if sender uses local_domains as a sender, which is not expected here
  deny    sender_domains = +local_domains
          log_message    = SMTP-SENDER-ADDRESS-AUTH-ONLY
          message        = Sender Domain only allowed on authenticated submission port sessions

acl_check_rcpt_mua:
  # MUA must authenticate
  deny    message        = Authentication is required to send messages
          log_message    = SMTP-SUBMISSION-NO-AUTHENTICATION
          !authenticated = *
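
An added example, not part of the original post or of Exim: a Python script that tallies the two `log_message` tags from the configuration above per client IP, which shows who is being refused and helps spot an ISP smarthost that still carries mail from your own users. The main log line layout and the sample lines are assumptions constructed for illustration; `REJECT_RE`, `summarize` and `top_clients` are names invented here.

```python
import re
from collections import Counter, defaultdict

# Tags copied from the log_message lines in the configuration above.
TAG_FORGED = "SMTP-SENDER-ADDRESS-AUTH-ONLY"
TAG_NOAUTH = "SMTP-SUBMISSION-NO-AUTHENTICATION"

# Assumed main log layout for an ACL rejection at RCPT time:
#   <date> <time> H=<host> [<ip>] F=<sender> rejected RCPT <rcpt>: <log_message>
REJECT_RE = re.compile(
    r"^\S+ \S+ H=.*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*? F=<(?P<sender>[^>]*)> "
    r"rejected RCPT <[^>]*>: (?P<tag>" + TAG_FORGED + "|" + TAG_NOAUTH + r")\s*$"
)

def summarize(lines):
    """Map tag -> client IP -> Counter of envelope senders that were rejected."""
    report = {TAG_FORGED: defaultdict(Counter), TAG_NOAUTH: defaultdict(Counter)}
    for line in lines:
        m = REJECT_RE.match(line)
        if m:  # lines that are not one of the two rejections are skipped
            report[m["tag"]][m["ip"]][m["sender"].lower()] += 1
    return report

def top_clients(report, tag):
    """(ip, rejections, distinct senders) per client, busiest first."""
    rows = [(ip, sum(c.values()), len(c)) for ip, c in report[tag].items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

# Constructed sample lines (documentation addresses, example.com as local domain).
SAMPLE_LOG = """\
2024-05-01 09:00:01 H=(mail) [203.0.113.7] F=<alice@example.com> rejected RCPT <alice@example.com>: SMTP-SENDER-ADDRESS-AUTH-ONLY
2024-05-01 09:00:05 H=(mail) [203.0.113.7] F=<bob@example.com> rejected RCPT <bob@example.com>: SMTP-SENDER-ADDRESS-AUTH-ONLY
2024-05-01 09:02:11 H=relay.isp.example [198.51.100.20] F=<carol@example.com> rejected RCPT <dave@example.com>: SMTP-SENDER-ADDRESS-AUTH-ONLY
2024-05-01 09:03:40 H=(laptop) [192.0.2.44] F=<erin@example.com> rejected RCPT <frank@example.net>: SMTP-SUBMISSION-NO-AUTHENTICATION
2024-05-01 09:04:02 1sABCD-000123-4f <= carol@example.com H=(laptop) [192.0.2.45] P=esmtpsa A=plain:carol S=1204
""".splitlines()

if __name__ == "__main__":
    rep = summarize(SAMPLE_LOG)
    for tag in (TAG_FORGED, TAG_NOAUTH):
        print(tag)
        for ip, hits, senders in top_clients(rep, tag):
            print(f"  {ip:15} rejections={hits} distinct_senders={senders}")
```

A client that is refused for one user's address while delivering to another local user, like the constructed `relay.isp.example` line, is the smarthost case the post describes and means that user should be moved to the submission port.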