Hello all,

I played around with telnet to test my postfix. I noticed that I was able to send spam to an existing/known email account. Please test:

    telnet yourmailserver 25
    ehlo yourmailseerver
    MAIL FROM: [email protected]
    RCPT TO: [email protected]
    DATA
    Subject: Sending an email using telnet
    Hello,
    Here is my body? Do you like it?
    cheers
    with a dot
    .

It's going into the queue...

To avoid it you can set smtpd_sender_restrictions = reject_sender_login_mismatch,....

After RCPT TO: you now get: Sender address rejected: not logged in

It would be nice to solve it by default. Maybe the developers can fix it?! Is there another way to solve it?

Thanks!
Stefan
What you are doing with your test above is to test if your system receives emails for [email protected] and not if you can send emails. Sending emails requires you to authenticate on your system, and that's not what you are doing or testing here. Besides that, most likely you do not have a standard setup anymore as you are editing main.cf manually. It works fine on standard setups to prevent users from sending emails with other identities. We are fine with the way the default setup works, but you may alter your setup of course in any way you like.
Yes, I know what you mean. But I tested it from a remote server, and when a spammer knows the email address he can use it to deliver mail to that email account, to myself.... Spam with a known email address is possible. To be sure, I have copied the main.cf from a fresh installation and I am getting this result. To avoid that, I edit the mismatch entry in conf-custom. As I said, it's a clean main.cf from an Ubuntu 22 installation. Maybe you are right, but I don't know what I have done wrong. It's a copy.
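
Added example, not part of the thread and not Postfix's own code: a simplified Python model of how Postfix's four sender/login mismatch restrictions decide on a MAIL FROM address, showing why the unauthenticated port 25 session above is answered with "not logged in" once reject_sender_login_mismatch is set. The map contents and the example.test addresses are constructed stand-ins for $smtpd_sender_login_maps.

```python
"""Simplified model of Postfix's sender/login mismatch restrictions (added example)."""
from typing import Dict, Optional, Set

# Constructed stand-in for $smtpd_sender_login_maps:
# MAIL FROM address -> SASL login names that own it.
SENDER_LOGIN_MAP: Dict[str, Set[str]] = {
    "stefan@example.test": {"stefan"},
    "info@example.test": {"stefan", "office"},
}

RESTRICTIONS = {
    "reject_sender_login_mismatch",
    "reject_authenticated_sender_login_mismatch",
    "reject_unauthenticated_sender_login_mismatch",
    "reject_known_sender_login_mismatch",
}


def check_sender(restriction: str, sender: str, sasl_login: Optional[str] = None,
                 login_map: Dict[str, Set[str]] = SENDER_LOGIN_MAP) -> Optional[str]:
    """Return the rejection reason, or None if this restriction lets MAIL FROM pass."""
    if restriction not in RESTRICTIONS:
        raise ValueError(f"unknown restriction: {restriction}")
    owners = login_map.get(sender.lower())
    authenticated = sasl_login is not None
    # The scoped variants skip the check for sessions they do not cover.
    if restriction == "reject_authenticated_sender_login_mismatch" and not authenticated:
        return None
    if restriction == "reject_unauthenticated_sender_login_mismatch" and authenticated:
        return None
    if restriction == "reject_known_sender_login_mismatch" and owners is None:
        return None
    if not authenticated:
        # No login: only addresses that have an owner in the map are refused.
        return "not logged in" if owners else None
    # Logged in: the login must be listed as an owner of the address.
    if not owners or sasl_login not in owners:
        return f"not owned by user {sasl_login}"
    return None


if __name__ == "__main__":
    # The port 25 session from the thread: local sender address, no SASL login.
    for r in sorted(RESTRICTIONS):
        print(f"{r}: {check_sender(r, 'stefan@example.test')}")
```

The model ignores everything else in smtpd_sender_restrictions (an earlier permit rule, for example, would end evaluation before these checks run).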