On Dec 19, 10:49 pm, "Mark-Tim Junghanns" <m...@markjunghanns.de>
wrote:
> "Trix" <trix...@gmail.com> schrieb im Newsbeitragnews:1166518121.110983.54000@80g2000cwy .googlegroups.com...
>
> > Does anyone know of a method whereby we can reject messages that are
> > being relayed that are supposedly coming from the recipient?
> We have a pop-before-smtp mechanism and SMTP-Auth in place. These two
> instances are working perfectly.

Thanks very much for the suggestions. Unfortunately, neither of those
are useful for our requirements, since I neglected to mention the fact
that the Postfix servers are internet-facing gateway MTAs for our
organisation. They don't hold any mailboxes, and users don't connect to
them.

What I've decided to do is put in an smtpd_sender_restriction (after
permit_mynetworks and permit_sasl_authenticated, since we do have that
for "private" networks in our organisation), and use that to
reject_unlisted_sender for *all* senders purporting to be from our
domain.