Topic: Anyone can send E-Mails on new mailserver


I recently set up a new mailserver using iRedmail (1.6.2 - OpenLDAP backend, Nginx Webserver) on Ubuntu 22.04 following this tutorial: https://docs.iredmail.org/install.iredm … buntu.html

My first few basic tests worked, then I set up LDAP connectivity using this tutorial: https://docs.iredmail.org/active.directory.html

LDAP login in Webmail (roundcube) worked. When I tried to send an E-Mail from an LDAP account, I received the error unregistered smtp sender address. So, for testing purposes, I removed the flag smtpd_reject_unlisted_sender from /etc/postfix/main.cf and now I can send E-Mails.

Now, I connected from an external device via telnet on port 25 to my mail server and was able to send an e-mail to an internal address without any authentication.
I'm guessing the removed flag has got something to do with it, but why aren't my LDAP accounts listed as permitted senders? And is there something else I need to do to require SMTP authentication?

Thanks in advance.

Best regards,


Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.