I will try to be more specific. Create a test account that can send emails 
from postfix. Telnet on the postfix machine on port 25. Now send an email from 
that test account to any other valid email on your domain. You will see that 
you are allowed to do so without authentication. The whole world can do that. 
I don't think you will want emails to be sent on your users' behalf inside your 
domain. 

Is there any way postfix can stop that?


> On 18 May 2016, at 14:08, D'Arcy J.M. Cain <da...@vex.net> wrote:
> 
> On Wed, 18 May 2016 13:22:49 +0300
> Catalin Badirca <badi...@yahoo.com> wrote:
>> I've tried your suggestion and the issue remains. Someone could
>> telnet into postfix and would be allowed to send mails from a valid
>> address to another valid address in mydomain without authentication.
>> 
>> Is there any way I can stop potential spam for mydomain?
> 
> What do you mean by "telnet into postfix"?  Are you saying that valid
> users on your system are spamming your other users?  All you can do
> there is monitor your own house and slap anyone who does that.  It
> doesn't matter whether they spam their fellow users or the whole world.
> Your users are your responsibility but that's not a technical issue.
> 
> If you mean that someone can connect to your port 25 and send your
> users spam then yes, welcome to the twenty-first century and the spam
> problem that everyone is fighting.  That's the daily fight we all
> have.  There are a number of spam mitigation techniques that you can
> try.  None of them are 100% effective.  You can block known spam sites,
> use SPF, greylisting and other tools to slow down spam at the SMTP
> level and spamassassin, bogofilter and other filters after to catch
> suspected spam after it is accepted.  Look at spam-fighting sites for
> some ideas.
> 
> If you do find a way to block 100% of all spam please tell us how.
> Better yet, package it and sell it.  You will be a billionaire.
> 
> -- 
> D'Arcy J.M. Cain
> System Administrator, Vex.Net
> http://www.Vex.Net/ IM:da...@vex.net
> VoIP: sip:da...@vex.net
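
The manual telnet check described at the top of this message, as an added example that is not part of the original thread: a Python sketch that issues the same MAIL FROM and RCPT TO without authenticating and stops before DATA, so nothing is delivered. The function name, host name and addresses are assumptions; substitute your own server and test account.

```python
import smtplib


def probe_unauthenticated_local_sender(host, sender, recipient,
                                       port=25, timeout=10,
                                       helo_name="probe.invalid"):
    """Repeat the manual telnet check without authenticating.

    Sends EHLO, MAIL FROM and RCPT TO only. No DATA command is issued,
    so no message is queued or delivered.
    """
    with smtplib.SMTP(host, port, local_hostname=helo_name,
                      timeout=timeout) as smtp:
        smtp.ehlo()
        mail_code, mail_msg = smtp.mail(sender)
        rcpt_code, rcpt_msg = None, b""
        if 200 <= mail_code < 300:
            rcpt_code, rcpt_msg = smtp.rcpt(recipient)
        smtp.rset()  # abandon the transaction before QUIT
    return {
        "mail_from": (mail_code, mail_msg.decode(errors="replace")),
        "rcpt_to": (rcpt_code, rcpt_msg.decode(errors="replace")),
        # True means the server would take mail "from" a local address
        # from a client that never authenticated.
        "accepted": rcpt_code is not None and 200 <= rcpt_code < 300,
    }


if __name__ == "__main__":
    # Placeholder values (assumptions): use your own MX and test account.
    result = probe_unauthenticated_local_sender(
        "mail.example.com", "testaccount@example.com", "someone@example.com")
    print(result)
```

Running it before and after a configuration change shows whether the server's answer to the unauthenticated RCPT TO has changed.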
