Welcome to the Linux Foundation Forum!

Postfix - sending mail between servers using telnet - blocking attempt

Hello
I have a question regarding the POSTFIX configuration. I don't know if this is normal.
I try to configure a POSTFIX server with DOVECOT and connect it to another mail server so that both servers can send mail between them.

At the beginning I would like to point out that sending mail between servers as well as downloading and sending mail by clients works fine. For the sake of the description, let's assume that only server1 is configurable.

I explain what I mean, for the sake of clarity I will do it in points (server names and addresses are not original):
1. There are two servers on the network POSTFIX + DOVECOT server1.a.com (IP 192.168.100.2 - a.com) that I want to configure and server2.b.com (IP 192.168.100.3 - b.com) server2 will not be configured

  1. ON the server1 POSTFIX and DOVECOT are set. Dovecot authorize sending mail by SMTP.
    Clients using server1 can use it to send mail between local accounts on server1 after authentication and to server2. Communication from server2 to server1 also works fine.

  2. When I am logged in to the bash shell on server2.b.com and using telnet I log into port 25 of server1.a.com, I can send an e-mail to any server1 account without the need for authentication, being connected from server2.

Example:
using bash shell from server2.b.com
telnet server1.a.com 25
mail from:[email protected]
rcpt to:[email protected]
data
...

I will say it more clearly - if I go to server2 bash shell and make a telent connection to server1 to port 25 and give the source address of the email from server2 and the recipient as an account on server1, POSTFIX will send the email without authorization. I want to block it. Is it possible to block it without blocking mail from server2 to server1 ?

I have tried to restrict sending mail with smtpd_recipient_restrictions, smtpd_client_restrictions, smtpd_sender_restrictions, smtpd_reject_unlisted_sender
(code below)
Thanks to this configuration, it is not possible to send e-mails from the local server1 account to another local account without authorization via telnet. But I can't stop my mail from server2 telnet connection to server1 on port 25 from sending all mail traffic without authorization. I want to block it without encryption and certificates.

File main.cf:

compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = server1.a.com
mydomain = a.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
header_checks = regexp:/etc/postfix/header_checks
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =permit_sasl_authenticated,reject_unauth_destination
smtpd_client_restrictions=permit_sasl_authenticated,check_client_access hash:/etc/postfix/client_list,reject
smtpd_sender_restrictions = reject_unknown_sender_domain, permit_sasl_authenticated,check_sender_access hash:/etc/postfix/sender_access,reject
smtpd_reject_unlisted_sender=yes

#
File sender_access:
b.com OK
#
File client_list:
192.168.100.3 OK

Thank you in advance for your help.
Best regards

Sign In or Register to comment.