From c71fc4b097c6d2ed2861dd74ea6c69f6666c8187 Mon Sep 17 00:00:00 2001 From: Salonia Matteo Date: Mon, 5 Apr 2021 11:12:07 +0000 Subject: [PATCH] Disallow unauthenticated senders This stops unauthenticated users from sending unauthorized emails. Example: `swaks -t matteo@mail.saloniamatteo.top --header "Subject: Unauthorized Email" --body "This email should not go through." --server mail.saloniamatteo.top` Before this patch, any user could run the command above, without any authentication, and the server would gladly accept the incoming mail. Now, the email is rejected, and the email server only allows authenticated users. --- emailwiz.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/emailwiz.sh b/emailwiz.sh index 7cf5725..f01972d 100755 --- a/emailwiz.sh +++ b/emailwiz.sh @@ -81,6 +81,7 @@ postconf -e "smtpd_sasl_type = dovecot" postconf -e "smtpd_sasl_path = private/auth" # Sender and recipient restrictions +postconf -e "smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_unauth_pipelining, reject_non_fqdn_sender, reject_sender_login_mismatch, reject_authenticated_sender_login_mismatch, reject_known_sender_login_mismatch, reject_unauthenticated_sender_login_mismatch" postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination" # NOTE: the trailing slash here, or for any directory name in the home_mailbox
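Review bot: In the added `smtpd_sender_restrictions` line, `permit_sasl_authenticated` is evaluated first, so an authenticated client is accepted before any of the `reject_*_sender_login_mismatch` checks run and can still send with another user's MAIL FROM address. Those checks also depend on `smtpd_sender_login_maps`, which this hunk does not set; if it is not set elsewhere in emailwiz.sh they reject nothing for unauthenticated clients, and the swaks test in the description was presumably rejected by `reject_unknown_sender_domain` or `reject_non_fqdn_sender` instead. I would first define `smtpd_sender_login_maps` (required, otherwise the check rejects every authenticated sender) and then put one mismatch check ahead of the permits, e.g. `postconf -e "smtpd_sender_restrictions = reject_sender_login_mismatch, permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_unauth_pipelining, reject_non_fqdn_sender"`; `reject_sender_login_mismatch` already covers the authenticated and unauthenticated variants, so the other three entries are redundant. A comment above the line should also say that unauthenticated delivery to local recipients is still accepted by design, because the description's claim that the server "only allows authenticated users" does not match what these restrictions do.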