Re: SASL + Postfix not authenticating mails from local user to local user.

From: Magnus Bäck (magnusdsek.lth.se)
Date: Thu Feb 02 2006 - 12:59:20 CST


On Thursday, February 02, 2006 at 18:52 CET,
     Rodrigo Brayner <rbraynergmail.com> wrote:

> On 02/02/06, Magnus Bäck <magnusdsek.lth.se> wrote:
>
> > Yes, of course it does. If this wasn't the case and indeed ALL
> > clients had to authenticate, how would your users ever get mail from
> > anyone outside your organization?
>
> That's what I thought. I just didn't want users acting as another user
> inside my organization, that already happened here. So, as I can see,
> the SMTP protocol does not permit me to implement that security issue.

The SMTP protocol does not specifically address that issue, but Postfix
does. See smtpd_sender_login_maps and the associated restrictions
(reject_sender_login_mismatch and friends).

> So, it's possible to do this:
>
> # telnet mydomain.com 25
>
> 220 mydomain.com ESMTP MY DOMAIN
> helo mydomain.com
> 250 mydomain.com
> mail from: user1mydomain.com
> 250 Ok
> rcpt to: user2mydomain.com
> 250 Ok
> data
> 354 Enter mail, end with "." on a line by itself
> whatever
> .
> 250 Ok: queued as D61AB13FA1
> quit
> 221 Bye
>
> But, I tried to do the same thing in commercial mail servers around the
> net, and they just close my connection like this one:
>
> # telnet smtp.bol.com.br 25
>
> 220 sankara1.bol.com.br ESMTP
> helo bol.com.br
> 250 sankara1.bol.com.br
> mail from: userbol.com.br
> 550 Command failed. Mailbox is unavailable.
> 221 Bye

This is too vague. Why does the remote server reject the sender address?

Stop top-posting.

--
Magnus Bäck
magnusdsek.lth.se
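
The smtpd_sender_login_maps approach named in the reply above, as a main.cf fragment (an added example, not part of the original message). The map path, addresses and login names are constructed, and the login name format depends on how SASL is set up.

```conf
# /etc/postfix/main.cf (fragment)

# SASL authentication must be enabled for login names to exist at all.
smtpd_sasl_auth_enable = yes

# Lookup table: envelope sender address -> SASL login name(s) that own it.
smtpd_sender_login_maps = hash:/etc/postfix/sender_login

# reject_sender_login_mismatch refuses a MAIL FROM address that
#   - has an owner in the table, but the client is not logged in as
#     that owner (this covers the unauthenticated telnet session quoted
#     above), or
#   - is used by a logged-in client that does not own it.
# Senders with no entry in the table (mail arriving from outside) are
# not affected for unauthenticated clients.
#
# Keep this ahead of any permit_* rule in the same list; a permit_mynetworks
# placed first would accept a forged local sender before the check runs.
smtpd_sender_restrictions =
    reject_sender_login_mismatch

# The narrower variants ("and friends"):
#   reject_authenticated_sender_login_mismatch    - only checks logged-in clients
#   reject_unauthenticated_sender_login_mismatch  - only checks clients that
#                                                   are not logged in

# /etc/postfix/sender_login (constructed sample; rebuild with
# "postmap /etc/postfix/sender_login" after each edit):
#
#   user1@example.com    user1
#   user2@example.com    user2
```

With the default smtpd_delay_reject = yes, the rejection is reported at RCPT TO rather than directly after MAIL FROM.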