I have a user ([email protected]) that received an "Invoice" through my mail server. How do I block unauthenticated users from sending/relaying email through my mail server with my internal domain? I would expect emails from internal domains to always require authentication. Here are the headers from the message: (SPF passed, Envelope-From/Return-Path do NOT match Mail From)

Code:
Received: from email.cttechcorp.com (70.62.123.171) by
    MAIL.metrotestbalance.com (192.168.234.15) with Microsoft SMTP Server (TLS)
    id 14.3.382.0; Thu, 31 May 2018 16:02:55 -0400
Received: from localhost (localhost [127.0.0.1])
    by email.cttechcorp.com (Postfix) with ESMTP id 68F3642280B
    for <[email protected]>; Thu, 31 May 2018 16:02:54 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at email.cttechcorp.com
Received: from email.cttechcorp.com ([127.0.0.1])
    by localhost (email.cttechcorp.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 8wtowZqBgyEL for <[email protected]>;
    Thu, 31 May 2018 16:02:52 -0400 (EDT)
Received-SPF: pass (evirtualservices.com: 162.144.59.77 is authorized to use
    '[email protected]' in 'mfrom' identity (mechanism 'ptr' matched))
    receiver=email.cttechcorp.com; identity=mailfrom;
    envelope-from="[email protected]"; helo=server.evirtualservices.com;
    client-ip=162.144.59.77
Received: from server.evirtualservices.com (server.evirtualservices.com [162.144.59.77])
    by email.cttechcorp.com (Postfix) with ESMTPS id 73AA54222F0
    for <[email protected]>; Thu, 31 May 2018 16:02:44 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
    d=evirtualservices.com; s=default; h=Content-Type:MIME-Version:Subject:
    Message-ID:To:From:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:
    Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
    Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
    List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
    bh=xlWjWGFOLaEJNf431rnvB5rqSzZdapu7EEWCWB0xN2s=;
    b=dXvR1Ym9qQahQRokAfaOvYY3f
    DjWlRoHknFO0D60JM+3EJ9cYuse2qPooqGUYY53R09i1vvTuRSWcy7QmzQRHSXXn9sEojf2P3mC7l
    9XbNMMX6yGI6nxdWvpGDrWSyt7;
Received: from dynamic-186-154-204-220.dynamic.etb.net.co ([186.154.204.220]:63965 helo=10.0.0.25)
    by server.evirtualservices.com with esmtpsa
    (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89_1)
    (envelope-from <[email protected]>) id 1fOTmW-0001vg-HD
    for [email protected]; Thu, 31 May 2018 20:02:44 +0000
Date: Thu, 31 May 2018 15:01:22 -0500
From: <[email protected]>, Todd <[email protected]>
To: <[email protected]>
Message-ID: <[email protected]>
Subject: Emailing: F543407LI 30623, P881638MJ 92790, F27113FP 377590,
    K424599MV 28466, N806850KN 927395
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_00B5_B6416AE5.A0869422"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.evirtualservices.com
X-AntiAbuse: Original Domain - metrotestbalance.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - evirtualservices.com
X-Get-Message-Sender-Via: server.evirtualservices.com: authenticated_id: [email protected]
X-Authenticated-Sender: server.evirtualservices.com: [email protected]
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path: [email protected]
SpamAssassin might be able to score those higher, but what you're talking about can be outright rejected before you ever send it to SpamAssassin. Make sure you have a current ISPConfig version, then enable System > Server Config > Mail (tab) > Reject sender and login mismatch, and make sure smtpd_reject_unlisted_sender is set to yes in /etc/postfix/main.cf. That might be the default with ISPConfig now, I don't remember.
Both settings should apply to incoming as well as originating and client sent mail. reject_sender_login_mismatch is in smtpd_sender_login_maps before permit_mynetworks and permit_sasl_authenticated. smtpd_reject_unlisted_sender is a setting itself (not part of client/sender/recipient restrictions), and would apply to all incoming mail, at least how I understand it: http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_sender Disclaimer: I've tested some of that in the past, but it's been a while and I don't remember specifics - it's possible my memory is off.
Actually totally did not read that. Hmm, so was that sender authed or not? If not, you might have an issue with your mail config. Hehe, nice trick used here: some example/dist configs include the 10.0.0.0/8 network in some way as an allowed/local network. Dunno what happens with helo=$allowed_local_ip, but it looks interesting.
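Added example, not written by any poster in this thread: a Python check for the pattern in the question's headers, where SPF passes for the envelope sender while the visible From claims the internal domain. The sample message, its addresses, and the internal.example / external.example domains are constructed placeholders, and check_spoof is a hypothetical helper name.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample modelled on the headers in the question; every address,
# domain and IP below is a placeholder, not a value from the thread.
SAMPLE = """\
Return-Path: <billing@external.example>
Received-SPF: pass (external.example: 203.0.113.7 is authorized)
 identity=mailfrom; envelope-from="billing@external.example"
From: <todd@internal.example>, Todd <todd@internal.example>
To: <todd@internal.example>
Subject: Emailing: invoice

body
"""

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_spoof(raw, internal_domains):
    """Flag mail whose visible From claims an internal domain while the
    envelope sender (Return-Path) belongs to some other domain."""
    msg = message_from_string(raw)
    envelope = domain(parseaddr(msg.get("Return-Path", ""))[1])
    addrs = getaddresses(msg.get_all("From", []))
    from_domains = {domain(a) for _, a in addrs} - {""}
    internal = {d.lower() for d in internal_domains}
    claimed = from_domains & internal
    findings = []
    if claimed and envelope not in internal:
        findings.append("From claims %s but envelope sender is %s"
                        % (", ".join(sorted(claimed)), envelope or "<empty>"))
    if len(addrs) > 1:
        findings.append("From header carries %d addresses" % len(addrs))
    # SPF authenticates only the envelope domain, so a pass here says
    # nothing about the From header the recipient sees.
    spf = (msg.get("Received-SPF") or "").split(None, 1)[:1]
    if findings and spf == ["pass"]:
        findings.append("SPF pass covers the envelope domain only")
    return findings
```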