3:32 p.m.
hola amigos, tengo dos postfix una relay y otro interno en la empresa, el
problema es que desde el relay no me rechaza los dominios falseados,
segurmatica me mando un correo donde se puso dominio yahoo.es y me estro
como si nada, ademas en el interno yo me cambio el domino por cualquiera
que no sea el mio y los correo les llega a los demas perfectamente. como
puedo evitar esto?
main.cf del relay
smtpd_helo_required = yes
smtpd_etrn_restrictions = reject
smtpd_data_restrictions = reject_unauth_pipelining,
reject_multi_recipient_bounce
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname
smtpd_sender_restrictions = permit_mynetworks,
reject_non_fqdn_recipient,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unlisted_recipient,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.antispam.or.id,
permit
smtpd_relay_restrictions = check_sender_access
regexp:$filtros/remitentes_bloqueados,
permit_mynetworks, permit_sasl_authenticated,
defer_unauth_destination
smtpd_client_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
#reject
# Evitando suplantacion la de identidad
restrictive = reject_sender_login_mismatch
permissive = permit
smtpd_restriction_classes = restrictive, permissive
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unknown_reverse_client_hostname,
reject_non_fqdn_recipient,
reject_unlisted_sender,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.antispam.or.id,
#reject_authenticated_sender_login_mismatch,
reject_unknown_recipient_domain,
check_policy_service inet:127.0.0.1:10023
reject_rbl_client dnsbl.sorbs.net,
#reject_rbl_client b.barracudacentral.org
check_policy_service unix:private/policy-spf,
#reject
policy-spf_time_limit = 3600s