Make sure the submission daemon in master.cf is configured with the
following option:
-o smtpd_sasl_auth_enable=yes
Then ensure that you have SASL properly configured.
Also, ensure that your trusted networks is configured properly to ensure
you do not inadvertently have an open relay.
On 12/27/11 12:45 AM, Glenn Sieb wrote:
Dear list,
While I have SASL set up on port 587, I recently found that foreign
IPs can connect, pretend to be, say, me, and send mail to my users.
SPF can catch this, but I think it's something that should/can be
caught by Postfix, no? So I conclude I have fubar'd my SMTP config
somehow.
How do I make it so this kind of transcript won't work unless you're
authenticating using SASL on port 587?
(connect not from my server to my server port 25)
ehlo example.org
mail from:m...@example.org
rcpt to:m...@example.org
data
subject:Testing
testing
.
(where example.org is my server in this case... when I issue the ehlo,
I get this reply:
250-wingfoot.org
250-PIPELINING
250-SIZE 2048000000
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN )
:-/
Thanks in advance!
Best,
--Glenn
--
Steve King
Senior Linux Engineer - WebMD LLC
Cisco Certified Network Associate
CompTIA Linux+ Certified Professional
CompTIA A+ Certified Professional
