"Alan" == Alan Batie
"Re: SPF-compliant phishing?"
Sat, 18 Sep 2004 11:54:17 -0700
Alan> On Fri, Sep 17, 2004 at 11:49:24AM -0400, Scott Kitterman
Alan> wrote:
>> Yes. Absolutely. Problem is, how many commercial SMTP
>> operators do that today? Answer near as I can tell is almost
>> none. More and more are doing the authentication, but allowing
>> clients to use non-local addresses, but only ones that belong
>> to them seems to be very rare.
Alan> As far as I know, the software doesn't support it. Point me
Alan> at instructions for getting sendmail and/or postfix
Not a recipe but the needed information is given by 'man postconf(5)'.
The Postfix distribution and web site also contain SASL and TLS
READMEs. Those have been there for a couple of years IIRC. The
Debian package "just worked" sometime ago as below.
,----[ postconf mail_version;postconf -n|egrep'smtpd_(sasl|tls|sender_log)' ]
mail_version = 2.1.4
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sender_login_maps = hash:/etc/postfix/sender-login-maps
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/server.pem
smtpd_tls_loglevel = 0
`----
,----[ Fabricated example of /etc/postfix/sender-login-maps entries ]
joe(_at_)example(_dot_)com joe(_at_)example(_dot_)com
able(_at_)acme(_dot_)com jack(_at_)example(_dot_)com
baker(_at_)emca(_dot_)com jack(_at_)example(_dot_)com
jackoat(_at_)example(_dot_)com jack(_at_)example(_dot_)com
`----
The LHS of the sender-login-maps are authorized sender addresses, only
the authenticated user on the RHS is authorized to use that address.
HTH
jam