Hello everybody.
I have a issue with postfix.
Consider the following scenario:
I telnet to my web server from another location (bar.com) and I start
executing commands.
Connected to foo.com.
Escape character is '^]'.
220 smtp1.foo.com ESMTP Postfix (GNU/Linux)
HELO bar.com
250 smtp1.foo.com
MAIL FROM: some...@gmail.com (mail must be valid)
250 2.1.0 Ok
RCPT TO: a...@foo.com
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
testing some kind of spam
.
250 2.0.0 Ok: queued as C7A602F7605
quit
221 2.0.0 Bye
Notes:
In this scenario, foo.com is my "real" mail server, bar.com is my "real"
testing server, some...@gmail.com is an example of an "existing" and valid
mail account and a...@foo.com is my "real" mail address.
The odd thing is that this actually works. I can connect and send mails
spoofing the sender's address, despite my postfix configuration directives:
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
reject_non_fqdn_hostname,
reject_invalid_hostname,
reject_unknown_recipient_domain,
reject_unverified_recipient,
reject_unknown_sender_domain,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_non_fqdn_sender,
reject_unverified_sender,
reject_unknown_sender_domain,
reject_sender_login_mismatch,
reject_unauth_pipelining,
Is some option missing? What can I do to prevent this? I found it because I
received spam in this way.
Using postfix 2.3.3 on Centos 5.4.
Thanks,
Alex F.
