
Topic: Enforce postfix authentication (even for "mynetworks" ?)

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.2.1 MARIADB edition.
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: Debian 10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,

I'm hosting a local mail server at home.
Since my ISP blocks port 25, I worked around it by creating SSH tunnels with a VPS that I have online. These tunnels map port 25 of the server to my local server's port 25.

Everything works well BUT I have an issue with Postfix and spam: because of that tunnel, all incoming emails are considered as coming from local and so are relayed by Postfix WITHOUT authentication.

This means that I sometimes receive spam emails from my own email addresses (with the good DKIM signature, etc.).

I double-checked that by connecting with telnet directly to port 25 on the VPS IP address and sending an email "manually", and in fact no auth is required and I receive the email as if it was sent by my account from my email server.

I know that there are some flags like "mynetworks" that are made exactly for skipping the authentication process; by default it's set to 127.0.0.1, and that's problematic in my case.

How can I "force" authentication for all emails, regardless of the networks they are coming from? Would there be some issues with that kind of configuration?

Thanks!

----


Re: Enforce postfix authentication (even for "mynetworks" ?)

I'm not sure how it works this way ... You need to check the Postfix log to understand which part is the root cause.
And we don't recommend this setup either; I'm afraid you are on your own.
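
The log check suggested in the reply can be scripted. The following is an added example, not part of either post and not iRedMail code: it lists messages that the port-25 `smtpd` service accepted from a loopback client without SASL while the envelope sender claims a local domain. The log lines are constructed, `example.com` is a placeholder, and it assumes the port-25 service logs under the default name `postfix/smtpd`.

```python
import re

# Constructed sample lines in Postfix syslog format; example.com is a placeholder.
SAMPLE_LOG = """\
Jan 10 12:00:02 mail postfix/smtpd[2211]: 4F1A2C0D3E: client=localhost[127.0.0.1]
Jan 10 12:00:02 mail postfix/qmgr[1023]: 4F1A2C0D3E: from=<me@example.com>, size=1204, nrcpt=1 (queue active)
Jan 10 12:05:10 mail postfix/submission/smtpd[2300]: 7B2C3D4E5F: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=me@example.com
Jan 10 12:05:10 mail postfix/qmgr[1023]: 7B2C3D4E5F: from=<me@example.com>, size=980, nrcpt=1 (queue active)
Jan 10 12:09:44 mail postfix/smtpd[2411]: 9C3D4E5F6A: client=localhost[127.0.0.1]
Jan 10 12:09:44 mail postfix/qmgr[1023]: 9C3D4E5F6A: from=<news@example.net>, size=5120, nrcpt=1 (queue active)
"""

# smtpd logs "<queue-id>: client=host[ip]" and appends sasl_* fields
# only when the client authenticated.
CLIENT_RE = re.compile(
    r"postfix/(?P<svc>[\w/]*smtpd)\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"client=[^\[]*\[(?P<ip>[^\]]+)\](?P<rest>.*)$"
)
# qmgr logs the envelope sender under the same queue id.
FROM_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): from=<(?P<sender>[^>]*)>"
)


def unauthenticated_local_senders(log_text, local_domains,
                                  loopback=("127.0.0.1", "::1")):
    """Return (queue_id, sender) for mail taken from a loopback client on the
    port-25 service without SASL, whose sender is in one of local_domains."""
    pending = set()   # queue ids accepted from loopback with no sasl_username
    hits = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            # Assumption: the port-25 service uses the default name "postfix/smtpd".
            if (m["svc"] == "smtpd" and m["ip"] in loopback
                    and "sasl_username=" not in m["rest"]):
                pending.add(m["qid"])
            continue
        m = FROM_RE.search(line)
        if m and m["qid"] in pending:
            pending.discard(m["qid"])  # qmgr may log the same id again on retry
            if m["sender"].rpartition("@")[2].lower() in local_domains:
                hits.append((m["qid"], m["sender"]))
    return hits


if __name__ == "__main__":
    for qid, sender in unauthenticated_local_senders(SAMPLE_LOG, {"example.com"}):
        print(qid, sender)
```

Ordinary inbound mail arriving through the tunnel (the `example.net` message in the sample) is not flagged, because only an unauthenticated local-domain sender matches the symptom described in the first post.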