On 2/15/2010 6:10 PM, joel.rosen...@imdea.org wrote: > Hi, > > I have one mail server running postfix and own a domain (foo.com), > i've noticed that when i try to send an email to the "outside" (other > domains different than mine) i have to authenticate myself against the > server in order to be able to send the email otherwise it will give me > a relay access denied error. Until this point everything is ok. > > My doubt is that when i connect to the server and try to send an email > to one of my users, for example b...@foo.com it doesn't ask me for any > password. i repeat, when i try to send an email to one of my users > using _my server_ it doesn't ask me for any kind of authentication > (i'm not talking about sending an email to one of my users using > another mail server in the internet). > How could i enforce the server in order to authenticate the mails that > are being sent _from_ my server no matter what destination domain is, > and if the authentication is not successfull it reject the email?
This is called submission and should only be enforced on a dedicated machine or port that the internet, as a whole, will not use. E.g. Port 587 If you enforce this globally, then you can only ever receive intra-system mail. a.k.a.: the internet would not be able to send anything to your destination. Postfix is unable to distinguish between inter-office mail from the internet and mail from the outside. Authentication, in this case, can be set to bypass rules such RBLs from remotes. What is the real problem you are trying to solve? External policy servers can be created/configured to fit your needs to reduce garbage mail if that is your problem. For this, see http://www.postfix.org/SMTPD_POLICY_README.html for a start or use a pre-built program such as policyd.
