i found the Postfix SMTP Authentication and Dovecot SASL setup how-to at http://www.linuxmail.info/post…..ecot-sasl/, first off thanks for taking the time to write it and respond to everyone's questions.
the reason i was looking in the first place is that i am able to send mail via telnet (and possibly a mail client, haven't tried it…) without authenticating between any users in the postfix server. you mention a couple times in the comments on the how-to that this is "normal" / proper behaviour, why is this ok? for instance, i can telnet in and send mail from "boss@myorg.com" and tell everyone they are fired, or send mail to "boss@myorg.com" as any user in the system telling him he smells. while this can be fun and all, it is not behaviour i want to leave enabled…
you (consultant) replied a couple of times to a similar scenario mentioned in the comments with "That’s the correct behavior. Otherwise, you won’t be able to accept mail from the outside." i guess my question is what does this behaviour have to do with accepting mail from outside, isn't mail accepted based on the "@myorg.com" being in the accepted domains list regardless of what the sending domain is? it just seems like a very bad scenario, especially if you don't know/trust your users, or anyone that knows usernames and your mail server address.
thanks again for helping everyone with their mail servers, happy holidays!
jay
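The behaviour described in the post, and a Postfix sender check that addresses it, as an added example that is not part of the original post or the linked how-to. The domain myorg.com comes from the post; the recipient restriction list is an assumed typical setup, and the map path, addresses and login names are constructed placeholders.

```conf
# /etc/postfix/main.cf (fragment; added example, not from the how-to)

# Relay control (assumed typical setup). A server that is the MX for
# myorg.com has to take mail for @myorg.com from unauthenticated clients,
# because that is how other mail servers deliver to it. These checks look
# only at the client and the recipient, never at the MAIL FROM address,
# so a forged boss@myorg.com sender passes them.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# Sender check. List who owns each local address, then refuse a MAIL FROM
# that has an owner when the client has not logged in via SASL.
# Outside senders have no entry in the map, so their mail is still accepted.
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps
smtpd_sender_restrictions =
    reject_unauthenticated_sender_login_mismatch

# /etc/postfix/sender_login_maps (constructed entries: address, then owner login)
#   boss@myorg.com    boss
#   jay@myorg.com     jay
# Rebuild the lookup table after editing:
#   postmap /etc/postfix/sender_login_maps
```

The check applies to the envelope sender (MAIL FROM) only; the From: header inside the message is not examined. Clients in mynetworks that send as a local address without logging in are refused as well, unless permit_mynetworks is listed ahead of the check.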