# [Solved] Postfix: reject non existent local sender

## salam

Hello all,

I am trying to set up some security in postfix, the goal is:

1) any local sender has to be sasl logged in (permit_sasl_authenticated) - done

2) any local sender has to have MAIL FROM: matching the sasl login username (reject_sender_login_mismatch) - done, but users who are not in the maps are always permitted... sounds logical, because mails from remote locations would be discarded.

3) prevent any mail which has a sender domain belonging to my server from using a locally nonexistent MAIL FROM: ... need help

example:

local user abc@mydomain.com sends a mail as def@mydomain.com, while "def" is a user that exists -> result = access denied (correct, because of reject_sender_login_mismatch)

BUT

local user abc@mydomain.com sends a mail as xyz@mydomain.com, while "xyz" is a nonexistent user -> mail is sent

The goal is that every mail which leaves my server must have MAIL FROM: set to a real, locally existing user, and only to the username who really did send the mail.

Any hints where to start will be welcome.

Last edited by salam on Mon Feb 21, 2011 5:10 pm; edited 1 time in total

----------

## gerdesj

*salam wrote:*

> Hello all,
> 
> Any hints where to start will be welcome


Sorry to be a bore but the following got a huge number of hits and the first one I read seemed to indicate that the Postfix docs are pretty complete.

http://www.google.co.uk/search?q=postfix+enforce+sasl&ie=utf-8&oe=utf-8&aq=t&rls=org.gentoo:en-US:unofficial&client=firefox-a

Pick off each of your requirements one by one.  If you have a problem with a particular one then post back and you will find that responses for a single question will generally get answered.

I know you want to get it running quickly but this is not a commercial support forum.  Most people here will answer one-line questions off the top of their heads, but if they have to dig out the docs, unless it is clear that you are simply having trouble understanding them, then they probably won't bother.

There is nothing wrong with "newbie" questions and I am certain that you will always get help for that but there usually has to be some evidence that you have tried to have a go yourself.

I certainly speak for myself there  :Cool: 

Go on, have a go, it's the whole point of using Gentoo!

Cheers

Jon

----------

## salam

Fixed

reject_unlisted_sender was the last thing missing. I was a bit confused, because I didn't notice I was testing it on a domain which should be local by default, but I use virtual mapping for it as well. Tests on pure virtual domains went well. Time to make some order in this half local-half virtual domain...

----------
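A main.cf fragment combining the three restrictions named in this thread, as an added example that is not taken from any of the posts. The file paths, map types, the login name format in the map and the choice to treat mydomain.com as a virtual mailbox domain are assumptions.

```conf
# /etc/postfix/main.cf (fragment)
# Paths, map types and domain classes below are assumptions for
# illustration, not values from the thread.

# Goal 1 depends on SASL being offered to clients.
smtpd_sasl_auth_enable = yes

# Goal 2: which SASL login owns which MAIL FROM address.
# Assumed map line format:   abc@mydomain.com    abc
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps

# Goals 2 and 3 live in the sender list. Keep this list free of
# permit_* entries ahead of the rejects: a permit ends the list it
# appears in, so a reject placed after it would never be reached
# for that client.
smtpd_sender_restrictions =
    reject_sender_login_mismatch,
    reject_unlisted_sender

# Goal 1: only authenticated clients may relay. A permit here ends
# only this list; the sender list above is still evaluated.
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_unauth_destination

# reject_unlisted_sender checks the MAIL FROM address against the
# recipient table of the sender domain's address class:
#   mydestination            -> local_recipient_maps
#   virtual_alias_domains    -> virtual_alias_maps
#   virtual_mailbox_domains  -> virtual_mailbox_maps
#   relay_domains            -> relay_recipient_maps
# A domain listed in more than one class makes the lookup ambiguous,
# which is the half local, half virtual situation described above.
# Here mydomain.com is assumed to be a virtual mailbox domain only.
mydestination = localhost
virtual_mailbox_domains = mydomain.com
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
```

After `postfix reload`, `postmap -q xyz@mydomain.com hash:/etc/postfix/vmailbox` returning nothing confirms that xyz is not a listed sender for that domain class.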

