These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for Postfix - Forcing authentication on the new forum.
Hi
I am tring to set up postfix smtp to only allow mail to be sent when a correct username and password has been supplied for the account. for instance i have a php script that sends email from a contact us script, it has username and password fields, at present it will send without username and password. Anyone any idea of a way i can force postfix to look for the username and password????
Colin
Hi there Colin,
Well, it's pretty typical to allow programs running on a server to use the local SMTP server without requiring a password. People on other servers couldn't send via your server without a password, it's only local programs that can.
If you really did want that, I'm not sure how to configure it.
I suppose my question is, do you feel there's a significant benefit in doing that?
Problems that arise include issues in both Virtualmin and Cron sending sending out emails when certain actions take place -- as both tend to assume that they'd be allowed to send an email using the local SMTP server.
A script on your system is able to send via both Postfix, as well as directly contacting remote SMTP servers, and in either case it looks like it came from your server.
That is to say, if a script on your server wants to send an email, it can do so whether or not they use your Postfix setup. However, normal system functions may break since they assume they don't need to authenticate.
-Eric
Hi Eric
Ok
Is it possable to stop out going emails via the firwall say allow port 25 in so i can receive email but not allow out so the emails would have to be gotten by Imap, pop3 or web mail?
The reason i want to stop emails from scripts is one of our servers which runs comercial software that had a flaw in it and allowed a file to be placed on the site to allow email to be sent. This is what i am tring to provent happening again.
Colin
<div class='quote'>Is it possable to stop out going emails via the firwall say allow port 25 in so i can receive email but not allow out so the emails would have to be gotten by Imap, pop3 or web mail?</div>
That's probably even harder. ;-)
Everything on your system was designed to mostly trust the local user and distrust the outside world. You're wanting it to do the opposite.
But, to understand why it's harder with the firewall...you're trying to make a decision with almost no information. Firewalls don't know about users. So, if you block outgoing port 25 traffic (which I'm not entirely sure is possible with a local firewall) you block it for everybody, including Postfix. There is no such thing as, "block for certain users".
<div class='quote'>in so i can receive email but not allow out so the emails would have to be gotten by Imap, pop3 or web mail?</div>
Now you're talking about a completely different set of protocols.
What, exactly, are you trying to accomplish? Maybe we can guide you onto another path to some sort of solution.
--
Check out the forum guidelines!
Basically there was a php file uploaded to on of our servers that was then used to send lots of spam and this caused the site to be taken off line by our ISP and we have been warned I need to take more care!
We currently get our email via Imap and POP3 which is port 110 and 143 and the way i understand is that port 25 is the port where email is sent from the internt to me and how i send it to the outside world. If the email is stored locally on the server i could setup a rule in the firewall if port 25 is incomming on eth0 allow but if port 25 is out going reject everything. There is in the PHP settings to stop email but this dose not seem to work. Any sujestions you may have would be welcome.
Colin
So I just want to verify the goal -- are you saying you don't need to send email from this server to other servers? If we make it so that it can't connect to port 25/SMTP on remote servers, that would do what you want without harming the service you offer?
-Eric