<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hello everyone,<div class=""><br class=""></div><div class="">my installation currently accepts sending from any e-mail address.</div><div class="">So, suppose the e-mail address <a href="mailto:info@example.com" class="">info@example.com</a> is hosted on my server and DNS also points to my server.</div><div class="">If this user now logs in to Roundcube, creates an identity there as <a href="mailto:test@test.de" class="">test@test.de</a> (I normally have identity creation disabled and have only enabled it now for testing purposes!) and tries to send an e-mail under this identity, it works.</div><div class="">Since SPF is actually a good remedy for this problem, I don't consider that to be the issue here.</div><div class="">What I do want to ensure, however, is that if the domain @<a href="http://heise.de" class="">heise.de</a> is also set up on the mail server by another user, <a href="mailto:info@example.com" class="">info@example.com</a> cannot send as @<a href="http://heise.de" class="">heise.de</a> via an identity, because in that case SPF would of course not raise an alarm either, since the mail was sent from the correct server.</div><div class="">After a long search through the documentation and numerous variants that I have tried, I just can't get it to work the way I want.</div><div class="">Does anyone here have a tip for me on the best way to do this?</div><div class=""><br class=""></div><div class="">I would like to avoid reject_sender_login_mismatch if possible, since Postfix currently only knows about the domains and everything else, such as authentication, is handled by Dovecot.</div><div class="">I want to avoid querying the MySQL database two or three times over here, in order to run the mail server as efficiently as possible.</div>
<div class=""><br class=""></div><div class="">Here is my Postfix main.cf as well:</div><div class=""><div class=""># See /usr/share/postfix/main.cf.dist for a commented, more complete version</div><div class=""><br class=""></div><div class=""># Debian specific: Specifying a file name will cause the first</div><div class=""># line of that file to be used as the name. The Debian default</div><div class=""># is /etc/mailname.</div><div class="">#myorigin = /etc/mailname</div><div class=""><br class=""></div><div class="">smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)</div><div class="">biff = no</div><div class=""><br class=""></div><div class=""># appending .domain is the MUA's job.</div><div class="">append_dot_mydomain = no</div><div class=""><br class=""></div><div class=""># Disable Mailbox Size Limit</div><div class="">mailbox_size_limit = 0</div><div class=""><br class=""></div><div class=""># Increase Message Size Limit</div><div class="">message_size_limit = 104857600</div><div class=""><br class=""></div><div class=""># Uncomment the next line to generate "delayed mail" warnings</div><div class="">#delay_warning_time = 4h</div><div class=""><br class=""></div><div class="">readme_directory = no</div><div class=""><br class=""></div><div class=""># HELO required from the client</div><div class="">smtpd_helo_required = yes</div><div class=""><br class=""></div><div class="">##### TLS settings ######</div><div class="">tls_ssl_options = NO_COMPRESSION</div><div class="">tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA</div><div class=""><br class=""></div><div class="">### outgoing connections ###</div><div class="">smtp_tls_security_level=may</div><div 
class="">smtp_tls_protocols = !SSLv2, !SSLv3</div><div class="">smtp_tls_ciphers = high</div><div class="">smtp_tls_loglevel = 1</div><div class="">smtp_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem</div><div class="">smtp_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key</div><div class="">smtp_tls_session_cache_database = btree:$data_directory/smtp_scache</div><div class=""><br class=""></div><div class="">### incoming connections ###</div><div class="">smtpd_tls_auth_only = yes</div><div class="">smtpd_tls_security_level=may</div><div class="">smtpd_tls_protocols = !SSLv2, !SSLv3</div><div class="">smtpd_tls_ciphers = high</div><div class="">smtpd_tls_loglevel = 0</div><div class="">smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem</div><div class="">smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key</div><div class="">smtpd_tls_session_cache_database = btree:$data_directory/smtpd_scache</div><div class=""><br class=""></div><div class=""># SASL Auth</div><div class="">smtpd_sasl_type = dovecot</div><div class="">smtpd_sasl_path = private/auth</div><div class="">smtpd_sasl_auth_enable = yes</div><div class="">smtpd_sasl_security_options = noanonymous, noplaintext</div><div class="">smtpd_sasl_tls_security_options = noanonymous</div><div class="">broken_sasl_auth_clients = yes</div><div class=""><br class=""></div><div class=""># Network</div><div class="">myhostname = <a href="http://mailserver.example.com" class="">mailserver.example.com</a></div><div class="">myorigin = <a href="http://mailserver.example.com" class="">mailserver.example.com</a></div><div class="">mydestination = localhost <a href="http://mailserver.example.com" class="">mailserver.example.com</a></div><div class="">mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128</div><div class="">recipient_delimiter = +</div><div class="">inet_interfaces = all</div><div class="">inet_protocols = all</div><div class="">unverified_recipient_reject_code = 550</div><div class=""><br 
class=""></div><div class="">smtpd_relay_restrictions = </div><div class=""> reject_non_fqdn_recipient</div><div class=""> reject_non_fqdn_sender</div><div class=""> reject_unknown_sender_domain</div><div class=""> reject_unknown_recipient_domain</div><div class=""> reject_unverified_recipient</div><div class=""> reject_unlisted_sender</div><div class=""> reject_unlisted_recipient</div><div class=""> permit_sasl_authenticated</div><div class=""> permit_mynetworks</div><div class=""> check_policy_service inet:127.0.0.1:10023</div><div class=""> reject_invalid_hostname</div><div class=""> reject_unknown_helo_hostname</div><div class=""> reject_unauth_destination</div><div class=""> reject_sender_login_mismatch</div><div class=""> reject_multi_recipient_bounce</div><div class=""> reject_non_fqdn_helo_hostname</div><div class=""> reject_invalid_helo_hostname</div><div class=""> check_policy_service unix:private/quota-status</div><div class=""> permit</div><div class=""><br class=""></div><div class=""># MySQL Connection</div><div class="">virtual_alias_maps = proxy:mysql:/etc/postfix/virtual/mysql-virtual-user-aliases.cf, proxy:mysql:/etc/postfix/virtual/mysql-virtual-domain-aliases.cf</div><div class="">relay_domains = proxy:mysql:/etc/postfix/virtual/mysql-virtual-mailbox-domains.cf</div><div class="">transport_maps = proxy:mysql:/etc/postfix/virtual/mysql-virtual-transports.cf, $relay_domains</div></div><div class=""><br class=""></div><div class="">Regards</div><div class="">Flo</div></body></html>