How to restrict the field "From" mismatch for emails and prevent outbound mail spoofing?

Follow

Comments

4 comments

  • Avatar
    Siniša Burina

    Hi!

    On Debian jessie, with postfix version 2.11.3-1+deb8u2, I'm getting the following notification in the log file, and the solution does not work:

    warning: restriction `reject_authenticated_sender_login_mismatch' ignored: no SASL support
    warning: restriction `reject_unauthenticated_sender_login_mismatch' ignored: no SASL support

    Can you please advise?

     

  • Avatar
    Siniša Burina

    Solved!

    Here's the information, in case someone else bumps into the same issue.

    The above-mentioned restriction, if put into the main.cf file, actually gets enabled to both incoming SMTP connections and submissions, which is not what we really want. So, instead of configuring it in main.cf, put it in master.cf, submission config:

    submission inet n - - - - smtpd
    -o smtpd_enforce_tls=no
    -o smtpd_tls_security_level=may
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_sender_restrictions=reject_authenticated_sender_login_mismatch
    -o smtpd_recipient_restrictions=$submission_recipient_restrictions
    -o smtpd_end_of_data_restrictions=$submission_end_of_data_restrictions

    Et voila! :)

  • Avatar
    Alexandr Redikultsev

    Hi @Siniša Burina!

    Thanks for sharing!

  • Avatar
    Siniša Burina

    Hey! What happened to my previous post? Was it dangerous in some way so you decided to remove it?

Please sign in to leave a comment.

Have more questions? Submit a request