From c71fc4b097c6d2ed2861dd74ea6c69f6666c8187 Mon Sep 17 00:00:00 2001
From: Salonia Matteo <saloniamatteo@pm.me>
Date: Mon, 5 Apr 2021 11:12:07 +0000
Subject: [PATCH] Disallow unauthenticated senders

This stops unauthenticated users from sending unauthorized emails.

Example:

`swaks -t matteo@mail.saloniamatteo.top --header "Subject: Unauthorized Email" --body "This email should not go through." --server mail.saloniamatteo.top`

Before this patch, any user could run the command above, without any authentication, and the server would gladly accept the incoming mail.
Now, the email is rejected, and the email server only allows authenticated users.
---
 emailwiz.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/emailwiz.sh b/emailwiz.sh
index 7cf5725..f01972d 100755
--- a/emailwiz.sh
+++ b/emailwiz.sh
@@ -81,6 +81,7 @@ postconf -e "smtpd_sasl_type = dovecot"
 postconf -e "smtpd_sasl_path = private/auth"
 
 # Sender and recipient restrictions
+postconf -e "smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_unauth_pipelining, reject_non_fqdn_sender, reject_sender_login_mismatch, reject_authenticated_sender_login_mismatch, reject_known_sender_login_mismatch, reject_unauthenticated_sender_login_mismatch"
 postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination"
 
 # NOTE: the trailing slash here, or for any directory name in the home_mailbox