I'm trying to configure a postfix mailserver and I have a doubt related to parameters like smtpd_reject_unlisted_sender
and that sort of things.
Of course, I would like to configure my server in such a way if a client (for example, john@mydomain.com), being "mydomain.com" a hosted domain of my server, using its SMTP Client MUA (like Outlook or Thunderbird), tries to send an email from a from
address different to john
, the request is rejected, and also reject every mail sended from an unknown "sender", unless this sender belongs to other "secure"/"existent" domain.
I know how can I configure these sort of things, but I don't know what is the "scope" of these restrinctions.
Concrete example: if I set smtpd_reject_unlist_sender
to on
, and alice@gmail.com sends an email to john@mydomain.com, alice's mail will be rejected, since it's an unknown sender? I don't want to reject these type of emails, and postfix configuration doesn't specify to which address classes belongs each *_reject_*
parameter (default, hosted or canonical).
Best Answer
Postfix provides several “checks” that can be evaluated at different “stages” of the incoming SMTP connection. “checks” are something like “is the remote client SASL-Authenticated?”, “is the remote client providing an FQDN HELO Hostname?”, “is the remote client asking for SMTP pipelining?”, as well as “is the remote client blacklisted in some RBL?” or “is the remote client connecting from one of my IP subnet”?
Such checks can be evaluated at different stage of the SMTP transaction:
as well as at other stages.
Restrictions/Directives above, can be combined as in the following example (please note that “...restrictions are applied in the order as specified; the first restriction that matches wins”):
In order to properly LOG useful information that might not be known in the “smtpd_client_restrictions” (or other) context, the parameter “smtpd_delay_reject=yes” might be useful, as it will delay the “rejection time”, so to collect other infos (the recipient, for example, very useful to properly troubleshoot problems with end users complaining for missing received mail).
Postfix is a very complex system and, as such, is extremely flexible and powerful. You can find lots of information in the official web-pages (es.: http://www.postfix.org/postconf.5.html) that, BTW, includes also some useful configs that can be used as a starting point for your own setup (http://www.postfix.org/STANDARD_CONFIGURATION_README.html)
P.S.: please, be “kind” with this answer as... it's my first POST in the ServerFault/StackExchange arena ;-)