I'm confused (go figure) on how to stop mail from sending over our smtp server that is from a domain that isn't our own? I've made it work before, but, it blocks mail that comes in from our salespeople who aren't inside of our network when they are sending mail. We used to use Mercury, and it had a nice little option that said "Do not permit relaying of non local mail". How do I make that work in here. Here's our postfix's main.cf file: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h # TLS parameters smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. $myhostname = ****.com myhostname = ****.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = ****.com, ****.biz, mail.****.com, localhost.****.com, localhost, localhost.localdomain relayhost = mail.****.net mynetworks = 127.0.0.0/8, 192.0.0.0/8, 10.0.0.0/8 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit mynetworks,reject_unauth_destination smtpd_tls_auth_only = no smtp_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom default_process_limit = 5
The best way is to configure SMTP-auth for postfix and then set mynetworks = 127.0.0.0/8. You will find detailed instructions for several linux distributions in the perfect setup guides here on howtoforge.
