I have a mail server running on Debian 7.8 configured with postfix 2.9.6.
My restrictions are these:
smtpd_sender_restrictions = reject_sender_login_mismatch, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unlisted_sender, permit_sasl_authenticated, reject_unauth_destination, permit_mynetworks
#smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
The problem is that alias an email can send mails to internal user without auth
Examples (all request are made with auth off in client and NOT from localhost):
alias@example.com -> alias@example.com --> Mail sent
alias@example.com -> mailbox@example.com --> Mail sent
someuser@anotherexample.com -> alias@example.com --> Mail sent
someuser@anotherexample.com -> mailbox@example.com --> Mail sent
mailbox@example.com -> alias@example.com --> Sender address rejected: not logged in
mailbox@example.com -> someuser@anotherexample.com --> Sender address rejected: not logged in
someuser@anotherexample.com -> someuser2@anotherexample.com --> Relay access denied
alias@example.com -> someuser@anotherexample.com --> Relay access denied
Where mailbox is any of the virtual user in the database
Any idea? Thank you!