I’m trying to prevent anonymous users from potentially being able to send email from one local user to another. If someone knows the email addresses of 2 accounts on my Postfix server (2.10.1), it seems that they are able to send email between them from anywhere without authenticating. I tested this using telnet commands:
```
220 domain1.co.uk ESMTP Postfix
250-AUTH PLAIN LOGIN
MAIL FROM:[email protected]
250 2.1.0 Ok
RCPT TO:[email protected]
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
250 2.0.0 Ok: queued as A002982019
221 2.0.0 Bye
```
I want to prevent anyone from being able to send between local domains unless they are either authenticated or from specific IP addresses (local ones for relay).
I think you are looking for reject_sender_login_mismatch or reject_unauthenticated_sender_login_mismatch, parameters for
```
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, ...
```
From the documentation:
- reject_sender_login_mismatch: Reject the request when $smtpd_sender_login_maps specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name doesn’t own the MAIL FROM address according to $smtpd_sender_login_maps.
- reject_unauthenticated_sender_login_mismatch: Enforces the reject_sender_login_mismatch restriction for unauthenticated clients only. This feature is available in Postfix version 2.1 and later.
The former is more restrictive, prohibiting e.g. [email protected] from sending mail as [email protected], even if authenticated. The latter will permit authenticated users to send mail from any email address.
permit_mynetworks should always appear first, and will allow anything from the IP addresses and CIDR ranges you specified in
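The difference between the two restrictions quoted in this answer, as an added example that is not part of the original answer and is not Postfix code: a simplified Python model of `permit_mynetworks` followed by either rule. The networks, addresses, logins and the function name `check_sender` are constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the original post).
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.0.2.0/24")]
# Stand-in for $smtpd_sender_login_maps: MAIL FROM address -> owning SASL logins.
SENDER_LOGIN_MAPS = {
    "alice@example.org": {"alice"},
    "bob@example.org": {"bob"},
}
STRICT = "reject_sender_login_mismatch"
UNAUTH_ONLY = "reject_unauthenticated_sender_login_mismatch"


def check_sender(client_ip, sasl_login, mail_from, rule):
    """Model 'smtpd_sender_restrictions = permit_mynetworks, <rule>'.

    Returns 'permit', 'reject', or 'dunno' (no decision; evaluation
    continues with whatever restriction comes next).
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS):
        return "permit"  # permit_mynetworks matched first
    owners = SENDER_LOGIN_MAPS.get(mail_from.lower())
    if sasl_login is None:
        # Not logged in: both rules reject only if the map names an owner.
        return "reject" if owners else "dunno"
    if rule == UNAUTH_ONLY:
        return "dunno"  # authenticated clients are not checked by this rule
    # STRICT: the login must own the MAIL FROM address.
    return "dunno" if owners and sasl_login in owners else "reject"


# (client IP, SASL login or None, MAIL FROM) -- constructed test clients.
CASES = {
    "anonymous remote, local sender": ("203.0.113.7", None, "alice@example.org"),
    "alice sends as alice": ("203.0.113.7", "alice", "alice@example.org"),
    "alice sends as bob": ("203.0.113.7", "alice", "bob@example.org"),
    "relay host in mynetworks": ("192.0.2.10", None, "bob@example.org"),
    "anonymous, sender not in map": ("203.0.113.7", None, "x@example.net"),
}


def evaluate(rule):
    """Return {case name: decision} for every constructed case under one rule."""
    return {name: check_sender(*args, rule) for name, args in CASES.items()}


if __name__ == "__main__":
    for rule in (STRICT, UNAUTH_ONLY):
        print(rule, evaluate(rule))
```

The last case shows why every local address needs an owner in `smtpd_sender_login_maps`: for a sender the map does not list, neither rule rejects an unauthenticated client.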
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.