Even though my postfix server cannot be used without authentification (open relay), sending mail in another users name after logging in is still possible like this:
EHLO domain.org auth plain eW91IGxpdHRsZSBkaXJ0eSBiYXN0YXJkIDstKQ== 235 2.7.0 Authentication successful mail from: email@example.com 250 2.1.0 Ok rcpt to: firstname.lastname@example.org 250 2.1.5 Ok data 354 End data with <CR><LF>.<CR><LF> Please send me your account info. . 250 2.0.0 Ok: queued as D40692A61AA quit
How can this be prevented?
you should have (possibly among other things):
You must have
smtpd_sender_login_maps defined to provide a username to email address mapping.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.