Restrict From field address to the mail account address

Discussion in 'Installation/Configuration' started by Robin-Masters, Aug 17, 2011.

  1. Robin-Masters

    Robin-Masters New Member


    I installed and configured ISPConfig 3 on Ubuntu 10.04 and everything works great.
    Only one problem:

    I log in to SquirrelMail with my mail address [email protected]
    and create some identities and can send mails with [email protected] or something like this - it's a fake mailer.
    A problem if you have more than your own mail account on the server - a great problem....

    Long story short: users should only use their specific mail address.. not fake addresses in the From field.

    I have switched off identities in SquirrelMail now - but it's not a solution because with mail clients like Thunderbird etc. you can also create identities.

    I looked at HowtoForge and the whole internet but can't find a solution....
    Any ideas?

    Don't post the link to the Postfix manual - I don't understand how to find a solution with it ;-) (sorry, my English isn't very good)

    At the moment I use the default after the ISPConfig 3 installation.
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/
    Last edited: Aug 17, 2011
  2. falko

    falko Super Moderator ISPConfig Developer

    It's a weakness in the SMTP protocol that you can fake sender addresses... :(
  3. Robin-Masters

    Robin-Masters New Member

    Thx for answering


    Now I have inserted two mail addresses in the Global Postfix Whitelist (sender) and added "reject" after "smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/" in the of postfix.

    So at the moment it looks like this:
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/ reject

    Now Postfix only accepts the mail addresses in the whitelist.

    But it's only an inadequate restriction because [email protected] can send mails with [email protected] in the From field and [email protected] with [email protected]... but can't send as [email protected] for example.

    I hope someone understands my problem.
    I think everyone has the same problem if they follow the Perfect Server manual

    When the server has many accounts someone evil can use it as an anno-mailer... high security risk :eek:
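
One way to tie the sender address to the logged-in account, as an added example that is not part of the original thread: Postfix's `smtpd_sender_login_maps` together with `reject_sender_login_mismatch`. The map file name, the database credentials and the `mail_user` / `email` / `login` names are assumptions, and `<existing-map>.cf` stands for the truncated path quoted in the posts above.

```conf
# ---- /etc/postfix/main.cf (fragment) ----
# Map each sender address to the SASL login that owns it.
# The map file name is a hypothetical placeholder.
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-sender-login-maps.cf

# Weak variant from the thread: a global whitelist followed by "reject".
# The lookup never considers who is logged in, so every account may use
# every whitelisted address:
#   smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/<existing-map>.cf reject

# Per-login variant: the envelope sender (MAIL FROM) must be owned by the
# authenticated SASL login, otherwise the message is rejected.
# reject_sender_login_mismatch also rejects clients that are not logged in
# but use an owned address; reject_authenticated_sender_login_mismatch
# applies the check to authenticated clients only.
smtpd_sender_restrictions =
    reject_sender_login_mismatch,
    check_sender_access mysql:/etc/postfix/<existing-map>.cf

# ---- /etc/postfix/mysql-sender-login-maps.cf (hypothetical file) ----
# %s is the MAIL FROM address; the query returns the login that owns it.
# Credentials, table and column names below are placeholders/assumptions.
user = POSTFIX_DB_USER
password = POSTFIX_DB_PASSWORD
dbname = MAIL_DB
hosts = 127.0.0.1
query = SELECT login FROM mail_user WHERE email = '%s'
```

These restrictions compare only the envelope sender with the SASL login; the `From:` header inside the message is not checked by them. A webmail front end that submits through localhost without authenticating is treated as a client that is not logged in, so it would be rejected by `reject_sender_login_mismatch` for owned addresses.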
