jeboehm / docker-mailserver

Docker Mailserver based on the famous ISPMail guide
MIT License
353 stars, 92 forks

Support authentication for sending emails #233

Closed tiberios1 closed 1 year ago

tiberios1 commented 1 year ago

Is your feature request related to a problem? Please describe.
When sending emails via my phone, I don't need to log in to the mailserver. This allows anyone who knows of the server to send emails via it, if only as specific (but unauthenticated) users.

Describe the solution you'd like
Users should need to log in to the mail server to send emails.

Describe alternatives you've considered
N/A

Additional context
None

jeboehm commented 1 year ago

I doubt that. Please check the instance using https://mxtoolbox.com/diagnostic.aspx and report the results here. My personal instance is not an open relay.

tiberios1 commented 1 year ago

image

jeboehm commented 1 year ago

I've just tested with http://www.aupads.org/test-relay.html, which gives more details. Your test result with it would be helpful.

Did you make configuration changes aside from the documented possibilities? First thing I thought of is trusted networks. Have you changed its value?

Given that the second test says that your host is an open relay, you should consider turning the service off as long as the issue is not solved.

agittins commented 1 year ago

I would suspect a configuration issue, also. Running the tests against my deployment looks OK, I get: image

and from the aupads test: image

tiberios1 commented 1 year ago

From aupads - image

You mentioned trusted networks - where is that setting? I don't believe I've changed it. I have set a relayhost as I want my outgoing mail to go via my ISP's mailserver currently.... Not sure if that would make a difference.

In the meantime, I've blocked port 25 on my firewall to all but my antispam service (which all my inbound mail should go through anyway).

tiberios1 commented 1 year ago

I think I might have worked this out.... I use shorewall on the same machine that runs the docker containers. I specifically opened up port 25 to the host, but it looks like I didn't need to do that and by doing it, I ended up making it an open relay. Not sure I understand exactly what happened but removing the manual rules I put in for port 25 seems to have fixed it.

agittins commented 1 year ago

If your firewall rule applied source-nat (made the source address appear to be from the local host instead of an external host) that would make the connection match the trusted networks rule, which would result in an open relay. It might also be referred to as a hairpin route or similar.
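Added example, not part of the thread and not the project's code: a Python sketch of the trusted-networks match described in the comment above, run over smtpd connect lines to show how a rewritten source address turns every external client into a trusted peer. The trust list and the log lines are constructed assumptions; the thread does not give the real values.

```python
import ipaddress
import re
from collections import Counter

# Assumption: a mynetworks-style trust list; the thread does not state the real value.
TRUSTED_NETWORKS = ["127.0.0.0/8", "172.16.0.0/12"]

# Constructed smtpd log lines using documentation addresses.
LOG_SOURCE_PRESERVED = """\
Jan 10 10:00:01 mail postfix/smtpd[101]: connect from unknown[203.0.113.7]
Jan 10 10:00:09 mail postfix/smtpd[102]: connect from unknown[198.51.100.23]
Jan 10 10:00:12 mail postfix/smtpd[101]: disconnect from unknown[203.0.113.7]
"""
# The same two external clients after a firewall rule rewrites their source address.
LOG_SOURCE_NATTED = """\
Jan 10 10:05:01 mail postfix/smtpd[201]: connect from unknown[172.18.0.1]
Jan 10 10:05:09 mail postfix/smtpd[202]: connect from unknown[172.18.0.1]
"""

# \b keeps "disconnect from" lines out of the count.
CONNECT_RE = re.compile(r"\bconnect from \S+\[([0-9a-fA-F.:]+)\]")


def is_trusted(ip, networks=TRUSTED_NETWORKS):
    """True when the peer address the MTA sees falls inside a trusted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in networks)


def audit(log_text, networks=TRUSTED_NETWORKS):
    """Summarise which peers would be allowed to relay without authenticating."""
    peers = Counter(CONNECT_RE.findall(log_text))
    trusted = {ip: n for ip, n in peers.items() if is_trusted(ip, networks)}
    return {
        "peers": dict(peers),
        "trusted_peers": trusted,
        # All connections on an internet-facing port arriving from a single
        # trusted address suggests the real source is being rewritten.
        "snat_suspected": len(peers) == 1 and len(trusted) == 1,
    }


if __name__ == "__main__":
    for name, log in (("preserved", LOG_SOURCE_PRESERVED),
                      ("natted", LOG_SOURCE_NATTED)):
        print(name, audit(log))
```

Run against a real mail log, a port-25 listener whose only peer is a private gateway address is the signal to check the firewall's NAT rules before trusting any relay test result.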

jeboehm commented 1 year ago

Thank you both for clarification! I'll close this. :)