Hi all, I'm struggling with some issues with postfix and I'm hoping you guys can help. I've used the perfect server install for ispconfig 3 ( not the 3.1 RC ). Debian 8 server. What I found with this setup is that when I send an email with a valid login I can specify ANY email address I want and it's delivered. For instance, I setup a valid email account for the server in Thunderbird. I used the correct SMTP login details but instead of using a real email address for the account I used [email protected]. I can send out email like this and it's delivered no problem. My concern here is that if an email password is compromised it could be used to send out spam pretty easily. I've search around quite a bit and I can't find out how to limit the sender to the email it is verified for. How can this be done?
You could do something similar in 3.0, I believe you just set Code: smtpd_reject_unlisted_sender = yes then point Code: smtpd_sender_login_maps = to an appropriate lookup query (check `mysql-virtual_sender_login_maps.cf` from 3.1, which will need tweaked a bit), then alter Code: smtpd_sender_restrictions = to include `reject_authenticated_sender_login_mismatch`. 3.1 will be a nicer implementation though, with a checkbox to enable/disable sending as an alias and forward as well.
Thanks guys! For 3.1, do we have an estimate for when the final will be ready? Not trying to rush or anything. Would rather have it stable than rushed. Jesse, that's similar to what I was trying but looks like I was missing the second part of what you have. I'll give that a try when I get a chance.
