1
i have a question: How to reject unauthenticated user to send throught my smtp or just allow to send locally? Here is my main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
myhostname = 123
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localdomain, localhost, localhost.localdomain, localhost, vps.server.local
relayhost =
mynetworks = 0.0.0.0/0
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtp_tls_security_level = may
allow_percent_hack = no
132
Posted 2018-04-15T14:28:47.940
Reputation: 11
hi, it's still sends letters unauth. Is it corect? – 132 – 2018-04-15T18:43:38.167
I think you need to be more specific about what is happening that you don’t want to happen. – Appleoddity – 2018-04-15T18:45:42.757
Now any user can connect to my server and send a letter (without authentication). I want only user with e-mail box and password can send a letter (authenticated). – 132 – 2018-04-15T19:08:34.297
Do you mean you don’t want to be able to receive mail from other users on the internet? There’s a difference between unauthenticated users being able to send mail through your server as a relay, and unauthenticated users being able to deliver mail to your users, which is necessary for normal mail flow. – Appleoddity – 2018-04-15T20:14:18.863
I want to receive mails from any other users from the internet, but if user wants to connect to my server via smtp protocol, he must use login and password, which are already created. Now i can connect to my server via telnet and i dont need to auth. – 132 – 2018-04-15T20:30:36.460
1I think I know what you are asking but I still don’t think you fully understand what I’m asking. “Users from the internet” can’t send you email if they are forced to authenticate. That isn’t how email works. Now, if you want YOUR users to be the only ones who can send mail through to, or through your server then that is a different story. Then you use smtpd_sender_restrictions and you won’t be able to receive mail from anybody on the internet except for your own users who login. – Appleoddity – 2018-04-15T20:50:27.580
I have server: server.com. I have user: user@server.com. Now my mailbox user@server.com can receive e-mail from any server: gmail, hotmail, other private smtp (at least could). But now any person can connect to my server.com and send a letter to gmails, hotmails and can pretend to be user123@server.com (not sure that he can pretend). I want, if user wants to send email through my server, only way is he must connect to server.com as user@server.com (in my case login is just user) with correct password and send letter to gmails, hotmails, etc. – 132 – 2018-04-15T21:45:34.787
Ok. Now it makes sense and I have taken a closer look at your config. I have edited my answer for you. It would be great to have you use the example in your last comment and edit your question to make it more clear for others. – Appleoddity – 2018-04-15T21:54:43.987