Quote from Alexandru Florescu <a...@acasa.ro>:
Hello everybody. I have an issue with postfix. Consider the following scenario: I telnet to my web server from another location (bar.com) and I start executing commands.

    Connected to foo.com.
    Escape character is '^]'.
    220 smtp1.foo.com ESMTP Postfix (GNU/Linux)
    HELO bar.com
    250 smtp1.foo.com
    MAIL FROM: some...@gmail.com (mail must be valid)
    250 2.1.0 Ok
    RCPT TO: a...@foo.com
    250 2.1.5 Ok
    DATA
    354 End data with <CR><LF>.<CR><LF>
    testing some kind of spam
    .
    250 2.0.0 Ok: queued as C7A602F7605
    quit
    221 2.0.0 Bye

Notes: In this scenario, foo.com is my "real" mail server, bar.com is my "real" testing server, some...@gmail.com is an example of an "existing" and valid mail account and a...@foo.com is my "real" mail address.

The odd thing is that this actually works. I can connect and send mails spoofing the sender's address, despite my postfix configuration directives:

    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unverified_recipient,
    reject_unknown_sender_domain,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_non_fqdn_sender,
    reject_unverified_sender,
    reject_unknown_sender_domain,
    reject_sender_login_mismatch,
    reject_unauth_pipelining,

Is some option missing? What can I do to prevent this? I found it because I received spam in this way. Using postfix 2.3.3 on CentOS 5.4.

You are not SASL authenticated, which is not needed for sending mail to a local address. SASL is only needed for relaying, and without it you cannot detect what user is trying to send, so you have no way to match user<-->sender-address. This is how SMTP works.

Regards Andreas
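
Added illustration of the reply above, not part of the thread and not Postfix code: a simplified Python model of first-match restriction evaluation, limited to four of the restrictions from the posted list. The domains, client address and sender-owner table are constructed, and the function names only mirror the restriction names.

```python
# Simplified model (not Postfix source): restrictions are tried in order,
# the first PERMIT/REJECT wins, and a list that yields nothing accepts.
from dataclasses import dataclass
from typing import Optional

LOCAL_DOMAINS = {"foo.example"}                      # constructed: domains delivered locally
MYNETWORKS = {"127.0.0.1"}                           # constructed: trusted client addresses
SENDER_LOGIN_MAPS = {"alice@foo.example": "alice"}   # constructed: sender -> owning login

@dataclass
class Session:
    client_ip: str
    sasl_user: Optional[str]   # None means the client never authenticated
    mail_from: str
    rcpt_to: str

def permit_sasl_authenticated(s):
    return "PERMIT" if s.sasl_user else None

def permit_mynetworks(s):
    return "PERMIT" if s.client_ip in MYNETWORKS else None

def reject_unauth_destination(s):
    # Only relaying to a foreign domain is refused; local delivery passes.
    domain = s.rcpt_to.rsplit("@", 1)[1]
    return None if domain in LOCAL_DOMAINS else "REJECT"

def reject_sender_login_mismatch(s):
    owner = SENDER_LOGIN_MAPS.get(s.mail_from)
    if s.sasl_user is None:
        # No login to compare against: only senders with a listed owner
        # are refused, so an outside address is not caught here.
        return "REJECT" if owner else None
    return None if owner == s.sasl_user else "REJECT"

RESTRICTIONS = [permit_sasl_authenticated, permit_mynetworks,
                reject_unauth_destination, reject_sender_login_mismatch]

def evaluate(s):
    """Return (verdict, name of the restriction that decided)."""
    for check in RESTRICTIONS:
        verdict = check(s)
        if verdict:
            return verdict, check.__name__
    return "PERMIT", "end of list"

if __name__ == "__main__":
    # The session from the post: outside client, no login, local recipient.
    print(evaluate(Session("192.0.2.10", None, "someone@mail.example", "user@foo.example")))
```
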