postfix authentication

Discussion in 'Server Operation' started by sudip, Feb 5, 2013.

  1. sudip

    sudip New Member

    I am administering a server and i must accept that I am a total newbie. I have followed the "The Perfect Server – CentOS 6.3 x86_64 (Apache2, Dovecot, ISPConfig 3)" to setup the server. Everything is ok in it, we do not have any problem in sending/receiving mail except that Postfix is allowing mails within the same domain without authentication.
    example : my domain is and I have two mail boxes. [email protected] and [email protected] . Now in the mail client (Thunderbird) of [email protected] , i have given smtp authentication method as "no authentication" and [email protected] is trying to send a mail to [email protected] , still the mail is getting delivered. Can you please guide me or point me to the setting which might be causing it.

    This is my output of postconf -n . In the result I have just modified myhostname and smtp_bind_address.

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    body_checks = regexp:/etc/postfix/body_checks
    bounce_queue_lifetime = 1d
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = amavis:[]:10024
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    default_process_limit = 50
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = no
    inet_interfaces = all
    inet_protocols = ipv4
    mail_owner = postfix
    mailbox_size_limit = 0
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    maximal_queue_lifetime = 1d
    message_size_limit = 0
    milter_default_action = accept
    milter_protocol = 2
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    mydestination = localhost, localhost.localdomain
    myhostname =
    mynetworks = [::1]/128
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    newaliases_path = /usr/bin/newaliases.postfix
    non_smtpd_milters = $smtpd_milters
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    queue_directory = /var/spool/postfix
    queue_run_delay = 15m
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
    receive_override_options = no_address_mappings
    relay_domains = mysql:/etc/postfix/
    relay_recipient_maps = mysql:/etc/postfix/
    relayhost =
    sample_directory = /usr/share/doc/postfix-2.6.6/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtp_bind_address = x.x.x.x
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/
    smtpd_milters = inet:
    smtpd_recipient_restrictions = reject_unauth_pipelining,permit_mynetworks,permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/, reject_unauth_destination
    smtpd_reject_unlisted_sender = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_path = private/auth
    smtpd_sasl_type = dovecot
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/
    smtpd_tls_CAfile = /usr/local/ispconfig/interface/ssl1/startssl.chain.class1.server.crt
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_security_level = may
    smtpd_use_tls = yes
    transport_maps = proxy:mysql:/etc/postfix/
    unknown_local_recipient_reject_code = 550
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/, mysql:/etc/postfix/
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/
    virtual_transport = dovecot
    virtual_uid_maps = static:5000

    Thanks in advance
  2. falko

    falko Super Moderator ISPConfig Developer

  3. sudip

    sudip New Member

    Hi falko
    Thanks for the reply.
    But in my case , the ip from which the mail is coming is not listed in mynetworks.
    And i did not understand what you meant by rdcipient.

    The recipients of the mails which are coming unauthorized are all virtual mailbox.
    And just today I had to remove the setting smtpd_reject_unlisted_sender = yes , otherwise all the system mails were getting blocked.

  4. falko

    falko Super Moderator ISPConfig Developer

    A typo. I meant recipient.
  5. sudip

    sudip New Member

    Then isn't that a security issue? That means i can send mails to any user in our domain and that mail might look like as if the mail has been sent by our MD . I can then send any type of mail to [email protected] and [email protected] will think that the mail has been sent by [email protected] , but in reality the mail has actually been sent by [email protected] - but there is no reference of [email protected] in the mail.


  6. falko

    falko Super Moderator ISPConfig Developer

    A weakness of the SMTP protocol - you can use fake sender addresses.
  7. sudip

    sudip New Member

    Sorry Falko but I can not agree with that.
    I have another domain which is not on this dedicated server , but is on a shared hosting on a windows server of .
    When I am trying to send mail to one of the mailbox of this domain using a fake and non existant userid of the same domain , the mail server is not allowing me to send it.
    And that is also SMTP protocol .
  8. falko

    falko Super Moderator ISPConfig Developer

    Yes, but try to send to a domain that is not on this server...
  9. sudip

    sudip New Member

    hi Falko
    I think you misunderstood my first post (the original post with the problem).

    This is the problem that I am facing in the dedicated server - I am able to send mail to one of the mailbox of this domain using a fake and non existant userid of the same domain.
    Shared windows hosting server is not allowing it , but the dedicated server (The Perfect Server – CentOS 6.3 x86_64 (Apache2, Dovecot, ISPConfig 3) is allowing it.

    This has to be some of the settings.

    Thanks in advance.

Share This Page