Dear list, While I have SASL set up on port 587, I recently found that foreign IPs can connect, pretend to be, say, me, and send mail to my users. SPF can catch this, but I think it's something that should/can be caught by Postfix, no? So I conclude I have fubar'd my SMTP config somehow.
How do I make it so this kind of transcript won't work unless you're authenticating using SASL on port 587? (connect not from my server to my server port 25) ehlo example.org mail from:m...@example.org rcpt to:m...@example.org data subject:Testing testing . (where example.org is my server in this case... when I issue the ehlo, I get this reply: 250-wingfoot.org 250-PIPELINING 250-SIZE 2048000000 250-ETRN 250-STARTTLS 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN ) :-/ Thanks in advance! Best, --Glenn