Am 31.12.2014 um 05:58 schrieb Thom Miller:
On 12/30/2014 09:35 PM, Jonathan Hermann wrote:
Ok, then it's by design. So spamassassin/amavis will have to do.
don't get me wrong but re-consider setup a complex, public reachable
mailserver without have *basic* understanding how email works at all
otherwise you would not wonder that gmail, hotmail and all the others
don't need the auth credentials of each and every user to send him his
mails from their users
Am 28.12.2014 um 21:50 schrieb Wietse Venema:
Jonathan Hermann:
I can send mail from an external source (e.g. mail client on my
notebook) to a local user (local on my mailserver) without
authentication. I'm not sure, is this by design?
By default, *any* system can send mail to a local address. Postfix
normally requires client authentication only when a client wants
to send mail to a remote address.
If you don't want to receive any mail from other mail servers to your
postfix, you could blacklist all ips with postscreen
http://www.postfix.org/postscreen.8.html and make your authenticated
connections to port 587 with Thunderbird or whatever clients you choose.
Not certain if that's what you're looking for but I get the impression
you do not expect incoming mail to Postfix
uhm if you don't want to receive from outside then just don't open port
25 in the firewall or even remove the smtp line from master.cf so that
postfix even don't listen on port 25 - but for no vali dreason start to
configure postscreen
or just require auth in main.cf globally
smtpd_recipient_restrictions = permit_mynetworks
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unlisted_sender
reject_authenticated_sender_login_mismatch
permit_sasl_authenticated
reject
