Re: postfix security configuration
-----BEGIN PGP SIGNED MESSAGE-----
Am Montag, 11.08.03, um 12:59 Uhr (Europe/Zurich) schrieb Tomasz
If you want to prevent them from using non existing sender addresses
from your domain, you can do it by creating a file (lookup table) for
postmap(1), containing all allowed addresses with "OK" and another
table containing your domainname with "REJECT".
If you want to prevent them from using sender addresses from other
domain, it's also possible with properly prepared config.
If you want to prevent them from using other (not their own) sender
addresses from your domain, you must use SMTP AUTH, I'm afraid.
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
email@example.com http://www.lodz.tpsa.pl/ | ones and zeros.
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact
Theoretically there is another possibility. Actually pop-before-smtp
does nothing than watching the log file, picking the ip address of the
pop client and putting this address for a certain time into a postmap
for postfix. If you would use the user's email address as his pop3
login name (within a sql or ldap db, for example), one could take this
information and write it into another postmap file. This would
necessite some modification of the pop-before-smtp script, but I think
it wouldn't be too hard to implement. It wouldn't be perfect, though:
Imagine two users logged in at the same time. Under this situation each
user could "abuse" the other user's email address.
For a really secure system, there is no way around smtp auth.
pop-before-smtp relies on ip addresses. But what about NAT? Users
coming from a private masqueraded network, could misuse your server at
their pleasure, if one user from this network has logged into his pop3
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----