Postfix:: unauthenticated local mail between virtual hosts = spam.

Discussion in 'Server Operation' started by Nap, Dec 11, 2014.

  1. Nap

    Nap Member

    [SOLVED]Postfix:: unauthenticated local mail between virtual hosts = spam.

    EDIT:(SOLVED)

    Hi,

    I have a problem with making my users authenticate before sending emails which I can't seem to solve.

    My server is setup to prevent unauthenticated mail from getting out onto the internet, and it works well.

    However, when a user from one of my hosted domains sends an unauthenticated email to another user who is also on my server (either in the same domain as the sender or one of the other domains), the email is delivered successfully but Spamassassin marks it as spam. If they do authenticate, then the email is delivered without being flagged as spam.

    If I force my users to authenticate before sending locally, I create a situation where my server can't receive external mail because other SMTPs then need to authenticate before they can forward mail to me.

    I want all my users to always authenticate when sending mail. No authentication, no sending.

    Is there a way of doing this using Postfix?
    (I think it can be done using two mail servers; one for internal mail and another for external, but I don't have the setup to do this.)

    If not
    Can Spamassassin be setup to delete the unauthenticated local mail (seeing as it is able to recognise it)? Or can Dovecot do it?

    Cheers,
    Nap
     
    Last edited: Dec 13, 2014
  2. Nap

    Nap Member

    I forgot to mention that I have the 'submission' server setup as well, and thus my clients can send mail via ports 465, and 587.

    However, the client is still able to send mail via port 25 (if they setup their client 'incorrectly').

    Is there a way of blocking port 25 from access by my clients (who always connect through the internet) but leave it open for other SMTP servers? (Using IP's is obviously not feasible.)

    Cheers,
    Nap
     
  3. Nap

    Nap Member

    I think I've done it. (At least it seems to work here.)

    Authenticated:
    1) I can receive mail from external sources (gmail)
    2) I can send mail to external sources (gmail)
    3) I can send mail between users I'm hosting (same domain or other domains)

    Unauthenticated
    1) Sending to external recipient causes a "Undeliverable" message from System Administrator
    2) Sending mail to users I'm hosting (same domain or other domains) also causes a "Undeliverable" message from System Administrator

    I achieved this by modifying my master.cf config of cleanup as follows:
    Code:
    cleanup   unix  n       -       -       -       0       cleanup
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject

    Any comments would be MOST welcome, particularly of shortcomings I haven't foreseen.

    Cheers,
    Nap
     

Share This Page