Re: postfix security configuration

To: Fallen Angel <mailoperator@uni.de>
Cc: debian-security@lists.debian.org
Subject: Re: postfix security configuration
From: Tomasz Papszun <tomek@lodz.tpsa.pl>
Date: Mon, 11 Aug 2003 12:59:21 +0200
Message-id: <[🔎] 20030811105921.GF9016@lodz.tpsa.pl>
In-reply-to: <[🔎] 20030810102616.B27716A88E@flash.ball.reliam.net>
References: <[🔎] 20030810102616.B27716A88E@flash.ball.reliam.net>

On Sun, 10 Aug 2003 at 10:26:16 +0000, Fallen Angel wrote:
> 
> my config:
> debian stable 3.0r1
> postfix
> qpopper 
> 
> I have a small problem: 
> 
> my smtp after pop3 configuration works fine, no open relay possible, but
> the authentificated users can fake their own e-mail address. 
> 
> How can I stop it, so they can only use the adress which were set up for
> them. 
> 
> thx for help 
> 
> Konstantin 

If you want to prevent them from using non existing sender addresses
from your domain, you can do it by creating a file (lookup table) for
postmap(1), containing all allowed addresses with "OK" and another
table containing your domainname with "REJECT".

If you want to prevent them from using sender addresses from other
domain, it's also possible with properly prepared config.

If you want to prevent them from using other (not their own) sender
addresses from your domain, you must use SMTP AUTH, I'm afraid.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 tomek@lodz.tpsa.pl   http://www.lodz.tpsa.pl/   | ones and zeros.

Reply to:

Follow-Ups:
- Re: postfix security configuration
  - From: Marcel Weber <mmweber@ncpro.com>

References:
- postfix security configuration
  - From: "Fallen Angel" <mailoperator@uni.de>

Prev by Date: Re: DSA-361-2
Next by Date: Re: postfix security configuration
Previous by thread: postfix security configuration
Next by thread: Re: postfix security configuration
Index(es):
- Date
- Thread