ianw1974 Posted April 16, 2008

I have postfix configured and whilst it's not an open relay, there are some issues in that you can send from and to the same person externally and bypass the system. For example:

If I do this:

    nc myserver.com 25
    ehlo anyserver.com
    mail from: me@mydomain.com
    rcpt to: me@mydomain.com
    data
    subject: test
    test.
    .

the email will be sent. Basically, it's accepting the email, even though the from address hasn't authenticated. Now, if I do this:

    nc myserver.com 25
    ehlo anyserver.com
    mail from: me@mydomain.com
    rcpt to: anyone@hotmail.com

then the email will be rejected because the recipient is not a destination on my server - which is correct. However, I'm finding that I need to ensure that the From: address, if it is me or anyone at my domain that it should be rejected unless authenticated.

Anyone any ideas on that? Hope I explained it clearly enough :)

paul Posted April 16, 2008

Are you testing this from a trusted network? What's in mynetworks?

ianw1974 Posted April 16, 2008

I was testing from untrusted networks. mynetworks only lists internal IP range and localhost.

I have a feeling though, to get it to protect from address, I'll need to integrate SPF so that it knows my from address is not coming from a valid IP assigned to send email for my domain.

paul Posted April 16, 2008

    nc mail.loudas.com 25
    220 mail.loudas.com ESMTP Postfix (Paul Willard)
    ehlo anyserver.com
    250-mail.loudas.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN CRAM-MD5 LOGIN
    250-AUTH=PLAIN CRAM-MD5 LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    mail from: me@loudas.com
    250 2.1.0 Ok
    rcpt to: paul@loudas.com
    450 4.7.1 <paul@loudas.com>: Recipient address rejected: Greylisted for 1 minutes

ianw1974 Posted April 17, 2008

Yup, that will work for me also, but then if I did the same mailfrom again later, it will accept and receive it. So I reckon I need SPF to fix it to ensure that emails from my domain are only allowed to come from my ip and not any other external IP - unless of course, user is authenticated.

At least, that's what I'm thinking so far.
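
One way to get the behaviour asked for in this thread without SPF, using Postfix's own sender access checks (an added example, not posted by anyone in the thread): clients that are neither in mynetworks nor authenticated are refused when MAIL FROM uses a local domain. The table path /etc/postfix/local_senders is a hypothetical name, and mydomain.com is the placeholder domain from the first post.

```conf
# --- /etc/postfix/main.cf (fragment) ---
# Sender restrictions are evaluated in order; the first match decides.
#   1. permit_mynetworks           clients listed in mynetworks may use any sender
#   2. permit_sasl_authenticated   so may clients that completed SMTP AUTH
#   3. check_sender_access         everyone else is looked up in the table below
# A "permit" here only ends the sender checks; relay control in
# smtpd_recipient_restrictions still applies afterwards.
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/local_senders

# --- /etc/postfix/local_senders (hypothetical file name) ---
# access(5) table: envelope sender domain on the left, action on the right.
# List every domain this server hosts mail for.
mydomain.com    REJECT Authenticate to send as this domain

# After editing the table, rebuild it and reload Postfix:
#   postmap /etc/postfix/local_senders
#   postfix reload
```

This checks the envelope sender given in MAIL FROM, not the From: header inside the message. Mail that legitimately arrives from outside with an own-domain envelope sender, such as messages relayed back by a forwarding service, is rejected too.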