* Nicolás <nico...@devels.es>:
> I'm new to this list and the reason why I'm writing is because I
> found out one thing I think is worrying enough to share it with you
>
> I've got my Postfix configured with virtual users, integrated with
> Dovecot. Everything's working fine, no (known) configuration issues.
> I was mainly investigating on my Mozilla Thunderbird, concretely the
> Identities option. I tried to add an 'identity' (with a fictional
> login), just to try what would happen and surprisingly the mail was
> sent out without any problem - using the configuration of the 'real'
> account:
>
> Jun 6 21:23:35 mail postfix/smtpd[13009]: 3035F10000C:
> client=unknown[192.168.0.10], sasl_method=PLAIN,
> sasl_username=nico...@devels.es
> Jun 6 21:23:35 mail postfix/cleanup[13017]: 3035F10000C:
> message-id=<4fcfbc49.60...@devels.es>
> Jun 6 21:23:35 mail postfix/qmgr[1766]: 3035F10000C:
> from=<fictio...@devels.es>, size=651, nrcpt=1 (queue active)
> Jun 6 21:23:35 mail postfix/smtpd[13009]: disconnect from
> unknown[192.168.0.10]
> Jun 6 21:23:37 mail postfix/pickup[12624]: 28C801012C0: uid=5002
> from=<fictio...@devels.es>
> Jun 6 21:23:37 mail postfix/cleanup[13017]: 28C801012C0:
> message-id=<4fcfbc49.60...@devels.es>
> Jun 6 21:23:37 mail postfix/pipe[13019]: 3035F10000C:
> to=<nico...@devels.es>, relay=spamassassin, delay=2.1,
> delays=0.25/0.05/0/1.8, dsn=2.0.0, status=sent (delivered via
> spamassassin service)
> Jun 6 21:23:37 mail postfix/qmgr[1766]: 3035F10000C: removed
>
> My question is: How 'safe' is this? Is there any way to restrict
> creating identities for users unless the administrator allows to do
> so? I really would be worried if ANY user would create ANY
> identities and use them the way he wants... Any ideas appreciated!

SASL in Postfix authenticates identities. It is up to Postfix to
authorize a known identity to do something. Currently Postfix can do two
things for authenticated identities:

1. Permit identity to relay
2. Permit identity to use one or more envelope senders

You have only configured use case 1. Read into smtpd_sender_login_maps
to set up and configure use case 2 also.

p@rick

>
> Thanks!
>
> Nicolás

-- 
All technical questions asked privately will be automatically answered
on the list and archived for public access unless privacy is explicitly
required and justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
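
Added example, not part of the thread and not Postfix's own code: before enforcing use case 2 with smtpd_sender_login_maps and reject_authenticated_sender_login_mismatch, an administrator can check which already-logged submissions would be refused. The map entries, addresses, queue IDs and log lines are constructed, and the lookup is simplified to full-address and "@domain" keys.

```python
import re

# Constructed table in the "sender  login[, login]" layout that
# smtpd_sender_login_maps expects; all addresses are placeholders.
SENDER_LOGIN_MAP = """\
alice@example.com   alice@example.com
sales@example.com   alice@example.com, bob@example.com
"""

# Constructed log lines shaped like the smtpd/qmgr entries quoted in the thread.
SAMPLE_LOG = """\
Jun  6 21:23:35 mail postfix/smtpd[13009]: A1B2C3D4E5: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.com
Jun  6 21:23:35 mail postfix/qmgr[1766]: A1B2C3D4E5: from=<fictional@example.com>, size=651, nrcpt=1 (queue active)
Jun  6 21:23:37 mail postfix/pickup[12624]: B2C3D4E5F6: uid=5002 from=<fictional@example.com>
Jun  6 21:23:37 mail postfix/qmgr[1766]: B2C3D4E5F6: from=<fictional@example.com>, size=912, nrcpt=1 (queue active)
Jun  6 21:30:02 mail postfix/smtpd[13040]: C3D4E5F6A7: client=unknown[192.0.2.11], sasl_method=PLAIN, sasl_username=bob@example.com
Jun  6 21:30:02 mail postfix/qmgr[1766]: C3D4E5F6A7: from=<sales@example.com>, size=700, nrcpt=1 (queue active)
"""

SASL_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=.*sasl_username=(\S+)")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]+)>")

def parse_map(text):
    table = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            sender, logins = line.split(None, 1)
            table[sender.lower()] = {x.lower() for x in re.split(r"[,\s]+", logins) if x}
    return table

def owners(table, sender):
    # Full address first, then the "@domain" key; unknown senders have no owner.
    sender = sender.lower()
    return table.get(sender) or table.get("@" + sender.rpartition("@")[2], set())

def audit(log_text, table):
    """List (queue_id, login, envelope_sender) where the login does not own the sender."""
    logins, findings = {}, []
    for line in log_text.splitlines():
        if m := SASL_RE.search(line):
            logins[m.group(1)] = m.group(2).lower()
        elif (m := FROM_RE.search(line)) and m.group(1) in logins:
            login, sender = logins.pop(m.group(1)), m.group(2)  # pop: qmgr repeats from= on retries
            if login not in owners(table, sender):
                findings.append((m.group(1), login, sender))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, parse_map(SENDER_LOGIN_MAP)))
```

Queue IDs that never carried a SASL login, such as the message re-injected through pickup after the spamassassin pipe, are skipped because the sender/login check only applies to the authenticated submission.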