Prevent anyone from sending email between local users

user180685 asked:

I’m trying to prevent anonymous users from potentially being able to send email from one local user to another. If someone knows the email addresses of 2 accounts on my postfix server (2.10.1) it seems that they are able to send email between them from anywhere without authenticating. I tested this using telnet commands:

220 ESMTP Postfix
250-SIZE 10240000
250 DSN
MAIL FROM:[email protected]
250 2.1.0 Ok
RCPT TO:[email protected]
250 2.1.5 Ok
354 End data with .
250 2.0.0 Ok: queued as A002982019
221 2.0.0 Bye

I want to avoid anyone from being able to send between local domains unless they are either authenticated or from specific IP addresses (local ones for relay).

My answer:

I think you are looking for reject_sender_login_mismatch or reject_unauthenticated_sender_login_mismatch, parameters for smtpd_sender_restrictions.

For example:

smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, ...

From the documentation:

Reject the request when $smtpd_sender_login_maps specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name doesn’t own the MAIL FROM address according to $smtpd_sender_login_maps.
Enforces the reject_sender_login_mismatch restriction for unauthenticated clients only. This feature is available in Postfix version 2.1 and later.

The former is more restrictive, prohibiting e.g. [email protected] from sending mail as [email protected], even if authenticated. The latter will permit authenticated users to send mail from any email address.

permit_mynetworks should always appear first, and will allow anything from the IP addresses and CIDR ranges you specified in mynetworks.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.