Dear friends, I have problem with my postfix configuration, I have enable SASL for postfix and now authentication works well for my clients but right now anyboy can send email from my local domain to local domain without authentication and cause of that I have lots of attacks. How can I force that if sender is my localdomain it must authenticate?! Here is my postfix configuration: main.cf: smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, smtpd_helo_restrictions = permit_mynetworks, #reject_non_fqdn_hostname, reject_invalid_hostname smtpd_sender_restriction = permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/access_table reject_unknown_sender_domain, reject_non_fqdn_sender smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unverified_recipient, reject_unauth_destination, check_policy_service unix:private/policy-spf, permit
master.cf: smtp inet n - - - - smtpd
-o content_filter=spamassassin submission inet n - - - - smtpd -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING -o content_filter=spamassassin smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING spamassassin unix - n n - - pipe user=nobody argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} policy-spf unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl
access_table: mydomain.com REJECT You're not me! Thanks -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator Cell Phone: +1 (415) 871 0742 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90