On 06/06/2012 22:25, Patrick Ben Koetter wrote:
* Nicolás <nico...@devels.es>:
I'm new to this list and the reason why I'm writing is because I
found out one thing I think is worrying enough to share it with you.

I've got my Postfix configured with virtual users, integrated with
Dovecot. Everything's working fine, no (known) configuration issues.
I was mainly investigating on my Mozilla Thunderbird, concretely the
Identities option. I tried to add an 'identity' (with a fictional
login), just to try what would happen and surprisingly the mail was
sent out without any problem - using the configuration of the 'real'
account:

Jun  6 21:23:35 mail postfix/smtpd[13009]: 3035F10000C: client=unknown[192.168.0.10], sasl_method=PLAIN, sasl_username=nico...@devels.es
Jun  6 21:23:35 mail postfix/cleanup[13017]: 3035F10000C: message-id=<4fcfbc49.60...@devels.es>
Jun  6 21:23:35 mail postfix/qmgr[1766]: 3035F10000C: from=<fictio...@devels.es>, size=651, nrcpt=1 (queue active)
Jun  6 21:23:35 mail postfix/smtpd[13009]: disconnect from unknown[192.168.0.10]
Jun  6 21:23:37 mail postfix/pickup[12624]: 28C801012C0: uid=5002 from=<fictio...@devels.es>
Jun  6 21:23:37 mail postfix/cleanup[13017]: 28C801012C0: message-id=<4fcfbc49.60...@devels.es>
Jun  6 21:23:37 mail postfix/pipe[13019]: 3035F10000C: to=<nico...@devels.es>, relay=spamassassin, delay=2.1, delays=0.25/0.05/0/1.8, dsn=2.0.0, status=sent (delivered via spamassassin service)
Jun  6 21:23:37 mail postfix/qmgr[1766]: 3035F10000C: removed

My question is: How 'safe' is this? Is there any way to restrict
creating identities for users unless the administrator allows them to do
so? I really would be worried if ANY user would create ANY
identities and use them the way he wants... Any ideas appreciated!

SASL in Postfix authenticates identities. It is up to Postfix to authorize a
known identity to do something. Currently Postfix can do two things for
authenticated identities:

1. Permit identity to relay
2. Permit identity to use one or more envelope senders

You have only configured use case 1. Read into smtpd_sender_login_maps to
set up and configure use case 2 also.

p@rick




Thanks!

Nicolás

Thank you very much, Patrick.

Now it works the way I described :-))

Nicolás
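
The mismatch visible in the log above (one sasl_username, a different envelope from=) can be audited after the fact. The following is an added example, not code from this thread or from Postfix: it correlates smtpd and qmgr lines by queue ID and checks each authenticated sender against a sender-to-login table shaped like a smtpd_sender_login_maps file. The sample log, the addresses and LOGIN_MAP are constructed, and the lookup is simplified to the exact address followed by @domain.

```python
import re

# Constructed sample log (placeholder addresses, not the ones in the thread).
SAMPLE_LOG = """\
Jun  6 21:23:35 mail postfix/smtpd[13009]: 3035F10000C: client=unknown[192.168.0.10], sasl_method=PLAIN, sasl_username=alice@example.com
Jun  6 21:23:35 mail postfix/qmgr[1766]: 3035F10000C: from=<fictional@example.com>, size=651, nrcpt=1 (queue active)
Jun  6 21:30:02 mail postfix/smtpd[13044]: 4A1B210000D: client=unknown[192.168.0.11], sasl_method=PLAIN, sasl_username=bob@example.com
Jun  6 21:30:02 mail postfix/qmgr[1766]: 4A1B210000D: from=<sales@example.com>, size=702, nrcpt=1 (queue active)
Jun  6 21:31:10 mail postfix/pickup[12624]: 28C801012C0: uid=5002 from=<fictional@example.com>
"""

# Hypothetical table: envelope sender -> SASL logins that own it
# (same shape as a smtpd_sender_login_maps file).
LOGIN_MAP = {
    "alice@example.com": {"alice@example.com"},
    "bob@example.com": {"bob@example.com"},
    "sales@example.com": {"bob@example.com", "alice@example.com"},
}

QID = r"(?P<qid>[0-9A-F]{6,}):"
SASL_RE = re.compile(r"postfix/smtpd\[\d+\]: " + QID + r" client=.*\bsasl_username=(?P<login>\S+)")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: " + QID + r" from=<(?P<sender>[^>]*)>")

def owners(sender, login_map):
    """Logins allowed to use this sender: exact address first, then @domain."""
    sender = sender.lower()
    if sender in login_map:
        return login_map[sender]
    return login_map.get("@" + sender.rpartition("@")[2], set())

def find_mismatches(log_text, login_map):
    """Return (queue_id, sasl_login, envelope_sender) for unauthorized senders."""
    logins, findings = {}, []
    for line in log_text.splitlines():
        m = SASL_RE.search(line)
        if m:
            logins[m["qid"]] = m["login"].lower()
            continue
        m = FROM_RE.search(line)
        # Only queue IDs that began in an authenticated SMTP session are checked;
        # pickup/re-injected messages carry no sasl_username and are skipped.
        if m and m["qid"] in logins:
            login = logins[m["qid"]]
            if login not in owners(m["sender"], login_map):
                findings.append((m["qid"], login, m["sender"]))
    return findings

if __name__ == "__main__":
    for qid, login, sender in find_mismatches(SAMPLE_LOG, LOGIN_MAP):
        print(f"{qid}: login {login} sent as {sender} (not in login map)")
```
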
