On Wed, 10 Jul 2024 at 09:06, Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote:
> > When you say "the client", what do you mean? Do applications do "direct > to MX" mail transmission? That seems odd, because they generally lack > the capability to queue and retry messages if there's a temporary error. > > Is "the client" Postfix, or really some application? > Yes, I mean clients other than Postfix. So for example, a user has a Wordpress site which is compromised to send spam, or a user logs in and sends email out in another way. Here's an example using swaks to send to an external email address. I'm running this on the mail server itself (but could be any machine on the LAN): $ swaks --to u...@protonmail.com --from m...@mydomain.com === Trying mail.protonmail.ch:25... === Connected to mail.protonmail.ch. <- 220-mailin054.protonmail.ch ESMTP Postfix <- 220 mailin054.protonmail.ch ESMTP Postfix -> EHLO fre.localdomain <- 250-mailin054.protonmail.ch ... etc. <- 250 2.0.0 Ok: queued as 4WJrYr75Phz3f -> QUIT <- 221 2.0.0 Bye === Connection closed with remote host. As you can see, it goes straight to the MX of the domain of the recipient. The same is true if I use mail.mailutils or other clients. So I was wondering how I might both allow sending but also (reliably) prevent abuse. Perhaps doing both isn't really possible? Jonathan
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
