Re: SASL + Postfix not authenticating mails from local user to local user.

From: Rodrigo Brayner (rbraynergmail.com)
Date: Thu Feb 02 2006 - 11:52:14 CST


That's what I thought. I just didn't want users acting as another user
inside my organization, that already happened here. So, as I can see, the
SMTP protocol does not permit me to implement that security issue. So, it's
possible to do this:

# telnet mydomain.com 25

220 mydomain.com ESMTP MY DOMAIN
helo mydomain.com
250 mydomain.com
mail from: user1@mydomain.com
250 Ok
rcpt to: user2@mydomain.com
250 Ok
data
354 Enter mail, end with "." on a line by itself
whatever
.
250 Ok: queued as D61AB13FA1
quit
221 Bye

But I tried to do the same thing on commercial mail servers around the net,
and they just close my connection, like this one:

# telnet smtp.bol.com.br 25

220 sankara1.bol.com.br ESMTP
helo bol.com.br
250 sankara1.bol.com.br
mail from: user@bol.com.br
550 Command failed. Mailbox is unavailable.
221 Bye

I tried many, many users I found on the net and it always shows this message.
Does Postfix support that kind of configuration? Thanks ;).

On 02/02/06, Magnus Bäck <magnusdsek.lth.se> wrote:
>
> On Thursday, February 02, 2006 at 17:46 CET,
> Rodrigo Brayner <rbraynergmail.com> wrote:
>
> > I have a problem that maybe has been discussed along this forum, but I
> > could not find it. I configured Postfix + MySQL + SASL + Maildrop etc.
> > and I'm having some problems with authentication. SASL is working
> > fine, I can authenticate users in Outlook. When I send an email to
> > another domain (via Outlook), my email server blocks it because of the
> > relay, it only permits if the user is authenticated. Until now that's
> > ok. But when I send an email to a local user, for example, from
> > user1@mydomain.com to user2@mydomain.com with no authentication,
> > my server permits the delivery :|.
>
> Yes, of course it does. If this wasn't the case and indeed ALL clients
> had to authenticate, how would your users ever get mail from anyone
> outside your organization?
>
> --
> Magnus Bäck
> magnusdsek.lth.se
>

--
Rodrigo Fagner Brayner de Brito
Computer Engineer
Technical Coordinator for Voice over IP (VoIP) at PoP-PE
PoP-PE - Ponto de Presença da RNP em Pernambuco
RNP - Rede Nacional de Ensino e Pesquisa
rbraynergmail.com

--
"There is nothing we can do to make God love us more.
  There is nothing we can do to make God love us less."
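
Added example (not part of the original thread and not Postfix project code): Postfix can refuse an unauthenticated client that uses a local address in MAIL FROM, via smtpd_sender_login_maps and reject_sender_login_mismatch. The map file name, database name, table and column names below are assumptions.

```conf
# /etc/postfix/main.cf

# Before (the behaviour in the first telnet session): no sender ownership
# check, so any client may put a local address in MAIL FROM when the
# recipient is local.
#smtpd_sender_restrictions =

# After: tell Postfix which SASL login owns each local sender address.
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-sender-login.cf

# reject_sender_login_mismatch rejects when
#   - the MAIL FROM address has an owner in the map and the client is not
#     SASL-authenticated as that owner, or
#   - the client is authenticated but does not own the MAIL FROM address.
# Addresses with no entry in the map (senders from other domains) are not
# affected, so inbound mail from outside is still accepted.
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_sender_login_mismatch

# /etc/postfix/mysql-sender-login.cf (separate file, placeholder values).
# The lookup key (%s) is the MAIL FROM address; the result is the SASL
# login name (or a comma-separated list of names) allowed to use it.
# The "query" parameter requires Postfix 2.2 or later.
#
# user     = postfix
# password = CHANGE_ME
# hosts    = 127.0.0.1
# dbname   = mail
# query    = SELECT username FROM mailbox WHERE username = '%s'
```

Alias addresses need their own rows in the map, otherwise they have no owner and are not protected. Mail that legitimately arrives from outside with a local envelope sender (for example through an external forwarding service) will also be rejected by this rule.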