1. Store
  2. Apps
  3. Hardware
  4. Support
  5. Solutions


ClearOS ClearFoundation and ClearCenter have moved to the new website ClearOS.com (https://clearos.com). We are making this change in order to improve search and exposure of ClearOS to the world. There are several improvements that are being made and some that are still on the table for development. The forums are now live on clearos.com and locked on this site until all the redirects are in place. If you have issues using the new site, feel free to ask on the #clearfoundation room in IRC chat on freenode.net or engage with a chat agent on the site if they are around. Our goal is to complete this step so that we can be properly ready for the types of communication that will be essential for the release of ClearOS 7!
Welcome, Guest
Postfix Address masquerade Forum is locked
(1 viewing) 1 Guest
Go to bottomPage: 1
TOPIC: Postfix Address masquerade
Postfix Address masquerade 4 Years, 2 Months ago  
i freshly configured mail server and for now it's working smoothly. currently my domain is mydomain.com and i have different users.
i have smtp authentication set to on. and users can send mails as well. user can send mail with any from address
i.e user can send mail from abc@gmail.com,pop@yahoo.com.....they can send mail with any email address to anyone. but i am more concerned with the security and think if any one abuses this it would be a great problem.
so i googled and found Address masquerade in postfx. so i tried

masquerade_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
masquerade_domains = !mydomain.com mydomain.com

i tried it but its not working to convert the domain name of the sender to mydomain.com
it's not working and i can't even force user to use their own email address.
any user permitted to use the mail can login with their credentials and are capable of sending mail with any email address despite of their own email address and are able to create fake mail.
could any one please help me with this
it would be fun to solve this issue

Pramod Giri
Senior Boarder
Posts: 58
User Offline Click here to see the profile of this user
The topic has been locked.
Re:Postfix Address masquerade 4 Years, 2 Months ago  
I don't think you can use Postfix or any other SMTP server to rewrite arbitrary forged sender email adresses to the authorized ones. First of all, how would Postfix know which address fakeaddress@fakedomaine should be rewritten to: I@yourdomaine or you@yourdomaine? IP addresses are not usefull since workstations in effect can connect from any IP address on the internet (think laptops and smart phones) and MAC addresses are easily faked.

It is, however, quite possible to block sending emails not originating from your private IP segment. That is COS standard behaviour to avoid acting as an open relay. It should also be easy to block sending emails that do not use your domaine, therby limiting the scope for deception to I@yourdomaine being sent as you@yourdomaine. Should that ever happen, my advise would be that the best error correction procedure available, is you slugging I.

The above illustrative example is in no way meant to be taken as an invitation.

Peter Broch
Platinum Boarder
Posts: 457
User Offline Click here to see the profile of this user
The topic has been locked.
Re:Postfix Address masquerade 4 Years, 2 Months ago  
There's fairly easy way to reject unauthorized sender domains on Postix, if the server is used for your organization OUTGOING mail ONLY. You can whitelist authorized sender domains, and Postfix will reject all email coming from unauthorized sender domains:

sender verification

However, this is NOT viable solution for mailservers that are used for both INCOMING and OUTGOING mail, as you'll break receiving of all external (internet) INCOMING mail.
Junior Boarder
Posts: 21
User Offline Click here to see the profile of this user
The topic has been locked.
Go to topPage: 1
  get the latest posts directly to your desktop