I was just thinking today that if anyone knew a valid email address on
my Postfix mail server, anyone could simply telnet to it (assuming
they're on a trusted network / mynetworks) and send mail posed as that
valid email address. I know this is not a huge security deal since
it's come from a client listed in the mynetworks parameter but
sometimes we have not so nice people we are forced to trust. Does this
sound correct to anyone here? Normally on any mail client you need a
username / password to send / receive email for a specific user but in
the case of Telnet or just sending, it appears this is not required.
Is there something I over looked?
