3

So I have set up my postfix server with dovecot according to this tutorial. Receiving emails works fine, sending them too. But these days I had the problem that my postfix started sending emails from www-data@domain.com because it was just sending them via PHP Sendmail (a bot network on my machine).

Is it possible to tell postfix that it should only allow me to send emails from virtual users from my database? If an email is being scheduled to send postfix checks first if it has a mailbox for the given user, if not then discard the message?

Dave M
  • 13,138
  • 25
  • 36
  • 47
danielwinter
  • 131
  • 1

1 Answers1

0

You can use pam_imap as an authenticator for postfix - this way you can authenticate SMTP users via IMAP. Any changes to dovecot users and passwords will automatically reflect into postfix.

Eugen Rieck
  • 19,950
  • 5
  • 51
  • 46
  • Looks like OP already has the correct authentication mechanism set up, as the tutorial includes Dovecot SASL integration (smtpd_sasl_type = dovecot) which is in fact a much better choice than PAM already. (The problem seems to be with Postfix allowing mail to be locally injected via `/usr/sbin/sendmail`, which doesn't involve regular authentication in the first place...) – u1686_grawity Jun 26 '20 at 10:51
  • Disabling sendmail is trivial - but what is the underlying problem? If someone already has a shell on the SMTP server, then you are in much bigger trouble – Eugen Rieck Jun 26 '20 at 11:39