On Sun, Mar 18, 2012 at 06:51:03PM +0000, Rachid Abdelkhalak wrote: > On Sun, 18 Mar 2012, Reindl Harald wrote: > >Am 18.03.2012 19:27, schrieb Rachid Abdelkhalak: > >>>>If it's not possible, Is there any additional filters can i > >>>>apply authenticate users trying to use SMTP Commands to send > >>>>emails from the server using Telnet port 25? > >>> > >>>there is simply no differnce between telnet and any other MUA
Look at this ^^ again. Understand it. A person who uses telnet for testing is exactly like any other SMTP client, with the exception that a regular MUA is easier to use. > >>>you have restricted relay for authenticated users (hopefully > >>>or you should shut down the machine) or not, the MTA is not > >>>interested in which client submits a message > >> > >>I'm using SMTP Auth for all connections coming from networks > >>NOT in mynetworks. When i'm using a clinent such as Outlook, > >>Alpine... from an IP not in mynetworks, i'm prompted fot > >>authentication. But when i'm doing a telnet from the same > >>IP, i'm not and i'm allowed to send emails from my CEO > >>@myowndomain.tld to any address for example. "To any address" strongly suggests you have made a serious configuration error. "To any address that you host" sounds quite normal, OTOH. http://www.postfix.org/DEBUG_README.html#mail > >i guess you do not understand SMTP Authentication > > > > Maybe, i'm counting on you to have things more clear > > >you are NOT prompted if the RCPT is in your own domains > >this is because you are not try to relay > >that way mail delivery works from other MTA's > > The RCPT is not in my domain. Share your logs and config as per the above link. Show the logs of this mail being sent. > For example, if i connect to my server > > telnet myserver 25 > ehlo > mail from:<my...@mydomain.com> > rcpt to:<externaladdr...@otherexternaldomain.com> > data > This is a test, please do not respond > . > quit > > With this test, i was able to send email from my CEO address to an > external email address using my server. > > That's what i'm trying to prvent. We can't tell you what you did wrong until you show us what it was. We CAN tell you, as Reindl did more than once, that there is no difference between telnet and any MUA, as far as Postfix can tell. If you can do that with telnet, you can do it with Thunderbird too. > >again: there is no difference between telnet and any other MUA Again: there is no difference between telnet and any other MUA. > >spoofing protections has nothing to do with SMTP Auth -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
