2009/4/13 Antonis Rizopoulos <ariz...@yahoo.gr>:
> When I connect to my server, from different networks, to port 25 I am
> able to send emails to local users only without authenticating! It's like
> bypassing Cyrus-SASL.
> I know, of course, that I cannot block access to that port and allow
> only authenticated users to send emails, because I won't receive mails
> from web sites. But I think this is a huge security issue for my mail
> server.
>
> I believe one fine solution to this issue would be like that:
>
> Somehow, when the command MAIL FROM:<u...@domani.tld> is executed,
> Cyrus-SASL checks if User is found in the database, and if so, forces
> him to execute the AUTH command, otherwise (therefore the mail is sent
> via webmail, so the user is unknown) allow to send the email without any
> authentication.

Is this not the expected behaviour? That's how you normally receive
mail. Unless by "able to send emails to local users" you mean, a
client can connect and send mail to r...@fqdn.of.your.server ? Can you
explain your problem a little more clearly? An example would be good.
