Postfix to reject all unauthenticated users

Andriy Yurchuk asked:

My Postfix configuration is the following:

smtpd_client_restrictions =  permit_sasl_authenticated, permit_mynetworks
smtpd_helo_restrictions = reject_invalid_helo_hostname
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unlisted_sender, reject_unknown_sender_domain
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_end_of_data_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_etrn_restrictions = reject

smtpd_reject_unlisted_sender = yes
smtpd_reject_unlisted_recipient = yes

Currently, if I telnet to my mail server from anywhere I am able send an email without authentication with any HELO and any MAIL FROM: to any of the email addresses configured on my mail server. I want to reject that and allow sending to my mail server’s addresses only after successful authentication.

UPD Is it possible at all? I’ve just realized that this might actually be the way a mail receiving system works in general (the sender does not need to auth on my server to send a mail to me). Or am I mixing something up?

My answer:

The behavior you describe as happening is correct, if you want to receive mail from people outside your domain on the rest of the Internet. Only outgoing mail from your own users, destined for other places on the network, needs to be authenticated.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.