Full Version: Postfix problems
ianw1974
I have postfix configured and whilst it's not an open relay, there are some issues in that you can send from and to the same person externally and bypass the system.

For example:

If I do this:

CODE
nc myserver.com 25
ehlo anyserver.com
mail from: me@mydomain.com
rcpt to: me@mydomain.com
data
subject: test

test.

.


The email will be sent. Basically, it's accepting the email, even though the from address hasn't authenticated. Now, if I do this:

CODE
nc myserver.com 25
ehlo anyserver.com
mail from: me@mydomain.com
rcpt to: anyone@hotmail.com


then the email will be rejected because the recipient is not a destination on my server - which is correct. However, I'm finding that I need to ensure that the From: address, if it is me or anyone at my domain that it should be rejected unless authenticated.

Anyone any ideas on that? Hope I explained it clearly enough :)
paul
Are you testing this from a trusted network?

What's in mynetworks?
ianw1974
I was testing from untrusted networks. mynetworks only lists internal IP range and localhost.

I have a feeling though, to get it to protect from address, I'll need to integrate SPF so that it knows my from address is not coming from a valid IP assigned to send email for my domain.
paul
CODE
nc mail.loudas.com 25
220 mail.loudas.com ESMTP Postfix (Paul Willard)
ehlo anyserver.com
250-mail.loudas.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN CRAM-MD5 LOGIN
250-AUTH=PLAIN CRAM-MD5 LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: me@loudas.com
250 2.1.0 Ok
rcpt to: paul@loudas.com
450 4.7.1 <paul@loudas.com>: Recipient address rejected: Greylisted for 1 minutes
ianw1974
Yup, that will work for me also, but then if I did the same mail from again later, it will accept and receive it. So I reckon I need SPF to fix it to ensure that emails from my domain are only allowed to come from my IP and not any other external IP - unless of course, user is authenticated.

At least, that's what I'm thinking so far.
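
The restriction asked about in this thread (refuse an unauthenticated MAIL FROM that claims a local domain) can be expressed in Postfix itself with a sender access table. This is an added example, not a configuration posted by anyone in the thread; the file name local_sender_domains is hypothetical and mydomain.com is the placeholder domain from the first post.

```conf
# --- /etc/postfix/main.cf ---------------------------------------------
# Evaluated in order for every MAIL FROM address:
#   1. clients in $mynetworks may use any sender address
#   2. clients that completed SASL AUTH may use any sender address
#   3. everyone else is looked up in the access table below
# A "permit" here only ends this restriction list; relay control in
# smtpd_recipient_restrictions is still applied separately.
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/local_sender_domains

# --- /etc/postfix/local_sender_domains (hypothetical file name) -------
# Left side: envelope sender domain. Right side: action for clients that
# reached step 3, i.e. neither in mynetworks nor authenticated.
mydomain.com    REJECT Authentication required to send as this domain

# After editing the table, rebuild the lookup file and reload Postfix:
#   postmap /etc/postfix/local_sender_domains
#   postfix reload
```

This looks only at the envelope sender given in MAIL FROM, not at the From: header inside the message, and it will also refuse mail that an outside forwarding service relays back with the original mydomain.com envelope sender.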