SMTP-AUTH required for local domains?

I would try something like this:

/etc/postfix/main.cf:

smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/access_table,
    ...,
    permit

/etc/postfix/access_table:

mydomain.com        REJECT You're not me!

The theory is this:

If they've authenticated already, they trigger the permit_sasl_authenticated rule and are allowed through. If they're not authenticated, it bumps along to the check_sender_access rule. If the sender domain matches "mydomain.com" the sender is rejected. (So unauthed + MAIL FROM "mydomain.com" = reject.) If it's any other domain, it continues on to the rest of your rules.

NOTE: This is untested. I would stick a warn_if_reject in front of that check_sender_access rule before trying it on a production system.
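Added example (not part of the original answer): with warn_if_reject in front of the check_sender_access rule, Postfix logs reject_warning records instead of rejecting, and this Python script lists which unauthenticated clients would have been blocked and which local sender addresses they used. The log lines are constructed samples and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of Postfix smtpd log lines (not taken from a real server).
SAMPLE_LOG = """\
Jan 10 09:14:02 mx postfix/smtpd[2211]: NOQUEUE: reject_warning: RCPT from unknown[203.0.113.45]: 554 5.7.1 <ceo@mydomain.com>: Sender address rejected: You're not me!; from=<ceo@mydomain.com> to=<accounts@mydomain.com> proto=ESMTP helo=<mail.example.net>
Jan 10 09:15:40 mx postfix/smtpd[2214]: NOQUEUE: reject_warning: RCPT from printer.example.org[198.51.100.7]: 554 5.7.1 <scanner@mydomain.com>: Sender address rejected: You're not me!; from=<scanner@mydomain.com> to=<bob@mydomain.com> proto=ESMTP helo=<printer>
Jan 10 09:16:11 mx postfix/smtpd[2211]: NOQUEUE: reject_warning: RCPT from unknown[203.0.113.45]: 554 5.7.1 <billing@mydomain.com>: Sender address rejected: You're not me!; from=<billing@mydomain.com> to=<bob@mydomain.com> proto=ESMTP helo=<mail.example.net>
Jan 10 09:17:30 mx postfix/smtpd[2220]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 554 5.7.1 <x@other.example>: Relay access denied; from=<a@other.example> to=<x@other.example> proto=ESMTP helo=<h>
Jan 10 09:18:00 mx postfix/smtpd[2221]: connect from unknown[192.0.2.10]
"""

# Matches only records produced by a restriction prefixed with warn_if_reject.
WARN_RE = re.compile(
    r"reject_warning: \S+ from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"\d{3} \S+ <(?P<sender>[^>]*)>: Sender address rejected: "
)


def would_be_rejected(log_text, domain):
    """Return {client IP: sorted sender addresses in `domain`} for every
    reject_warning record, i.e. mail that enforcement would have refused."""
    domain = domain.lower()
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if not m:
            continue  # real rejects, connects, etc. are not of interest here
        sender = m.group("sender").lower()
        sender_domain = sender.rpartition("@")[2]
        # With Postfix defaults a "domain.tld" access key also matches
        # subdomains, so count those as hits too.
        if sender_domain == domain or sender_domain.endswith("." + domain):
            hits[m.group("ip")].add(sender)
    return {ip: sorted(addrs) for ip, addrs in hits.items()}


if __name__ == "__main__":
    for ip, senders in would_be_rejected(SAMPLE_LOG, "mydomain.com").items():
        print(f"{ip}: {', '.join(senders)}")
```

Any legitimate client that shows up here (an internal device or web application, for example) has to authenticate or be covered by mynetworks before the warn_if_reject prefix is removed.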


On one server, where I have Postfix with Dovecot with auth data in MySQL, I did the following in main.cf:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject