Additional antirelay
Hi,
Sun Java(tm) System Messaging Server 6.2-6.01 (built Apr 3 2006)
libimta.so 6.2-6.01 (built 11:20:35, Apr 3 2006)
SunOS mta-fe02 5.10 Generic_118833-03 sun4u sparc SUNW,Sun-Fire-V240
1. I want to block all non-authenticated SMTP traffic from local domains, i.e. if e-mail is from a local domain it must be authenticated, regardless of recipient (for example, default anti-relay allows mail from fake@domain.com to be delivered to existing_local_user@domain.com) (mustsaslserver + mappings, does anyone have a ready mapping which uses an LDAP query? (with sunprefereddomain?))
2. Authenticated users are allowed to relay e-mail. How to prevent them from using valid e-mail addresses of other users in the From: field? (i.e. if relay, then from must not be local)
Neven
[793 byte] By [gljivaa] at [2007-11-26 21:14:05]

# 1
Hi,
> 1. I want to block all non-authenticated smtp traffic
> from local domains. i.e. if e-mail is from local
> domain must be authenticated, regardless of recipient
> (for example default anti-relay allows mail from
> fake@domain.com to be delivered to
> existing_local_user@domain.com) (mustsaslserver +
> mappings, does anyone have ready mapping which uses
> ldap query? (with sunprefereddomain?))
You can't force mustsaslserver based on the from address (since you are past the point of negotiating a SASL session). What you could do is have a mapping rule at the FROM_ACCESS level for, say, tcp_local (and maybe tcp_submit and tcp_intranet) which does an LDAP query as you noted and rejects the mail from: with an appropriate error. Don't have an example handy at the moment though.
> 2. Authenticated users are allowed to relay e-mail.
> How to prevent them to use in From: field valid
> e-mail addresses of other users? (i.e. If relay, then
> from must not be local)
This is already documented (read through all of this section to get a few ideas on how it can be done):
http://docs.sun.com/app/docs/doc/819-2650/6n4u4dts7?a=view#bgauq
Regards,
Shane.
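
The decision logic discussed in this thread, modelled in Python as an added example; it is not Messaging Server mapping syntax and not code from either poster. Assumptions: the pipe-separated probe layout is modelled on a FROM_ACCESS probe, `LOCAL_DOMAINS` is a constructed stand-in for the LDAP domain lookup, and only the envelope sender (not the From: header) is checked.

```python
# Constructed stand-in for the LDAP lookup of hosted domains (hypothetical data).
LOCAL_DOMAINS = {"domain.com"}
# Source channels named in the reply above.
CHECKED_CHANNELS = {"tcp_local", "tcp_submit", "tcp_intranet"}


def parse_probe(probe):
    """Return (channel, mail_from, auth_from) from an access probe.

    Assumed layout (10 fields):
    TCP|srv-ip|srv-port|cli-ip|cli-port|app|submit-type|channel|from|auth-from
    """
    fields = probe.split("|")
    if len(fields) != 10:
        raise ValueError("unexpected probe: %r" % probe)
    channel, mail_from, auth_from = fields[7:10]
    return channel, mail_from.lower(), auth_from.lower()


def decide(probe):
    channel, mail_from, auth_from = parse_probe(probe)
    if channel not in CHECKED_CHANNELS:
        return "accept"
    if mail_from == "":
        # Null reverse-path (bounces) claims no sender, so nothing to forge.
        return "accept"
    local = mail_from.rpartition("@")[2] in LOCAL_DOMAINS
    if not auth_from:
        # Question 1: a local-domain sender on an unauthenticated session.
        return "reject: local sender must authenticate" if local else "accept"
    if local and mail_from != auth_from:
        # Question 2: authenticated, but using another local user's address.
        return "reject: sender does not match authenticated user"
    return "accept"


# Constructed sample probes (documentation IP ranges, made-up users).
PREFIX = "TCP|192.0.2.10|25|198.51.100.7|40001|SMTP|MAIL|tcp_local|"
SAMPLES = [
    PREFIX + "fake@domain.com|",                    # forged local, no auth
    PREFIX + "someone@example.org|",                # ordinary inbound mail
    PREFIX + "neven@domain.com|neven@domain.com",   # authenticated, own address
    PREFIX + "other@domain.com|neven@domain.com",   # authenticated, spoofing
    PREFIX + "|",                                   # bounce with null sender
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decide(sample), "<-", sample)
```
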