[Dovecot] Using Dovecot-auth to return error code 450 (or other 4xx) to Postfix when user is on vacation

Charles Marcus CMarcus at Media-Brokers.com
Sun Jan 15 14:33:24 EET 2012


On 2012-01-14 12:23 PM, IVO GELOV (CRM) <ivo at crm.walltopia.com> wrote:
> I have downloaded the latest version 4.0 - but it seems there is no
> way to prevent spammers to use forged email addresses. I decided to
> remove the vacation feature from our corporate mail server, because
> it actually opens a backdoor (even though only when someone decides
> to activate his vacation auto-reply) for spammers and puts a risk on
> the company (our server can be blacklisted).

Sorry, I misread your message...

However, (I *think*) there *is* a simple solution to your problem, if I 
now understand it correctly...

Simply disallow anyone sending from an email address in your domain from 
sending without SASL_AUTHing...

The way I do this is:

in main.cf (I put all of my restrictions in 
smtpd_recipient_restrictions) add:

check_sender_access ${hash}/nospoof,

somewhere after reject_unauth_destination *but before any RBL checks)

where nospoof contains:

# Prevent spoofing from domains that we own
allowed_address1 at example.com OK
allowed_address2 at example.com OK
example.com  REJECT You must use sasl_auth to send from one of our 
example.com email addresses...

and of course be sure to postmap the nospoof database after making any 
changes...

-- 

Best regards,

Charles



More information about the dovecot mailing list