simple-login / simplelogin-postfix-docker

The missing Docker image for SimpleLogin Postfix
https://hub.docker.com/r/simplelogin/postfix
GNU General Public License v3.0

My sl-postfix instance is being used to send spam #30

Closed rubencm closed 8 months ago

rubencm commented 8 months ago

I'm having some spam issues with my servers, and I'm investigating the cause. The problem I have is that anyone can send emails through my server. This is my configuration:

    sl-postfix:
        image: simplelogin/postfix:4
        restart: unless-stopped
        ports:
            - "25:25"
            - "465:465"
        environment:
            ALIASES_DEFAULT_DOMAIN: mydomain.com
            DB_HOST: postgres
            DB_USER: user
            DB_PASSWORD: pw
            DB_NAME: simplelogin
            EMAIL_HANDLER_HOST: sl-email
            POSTFIX_FQDN: mail.mydomain.com
            SSL_CERT_FOLDER: /mnt/certs
            SIMPLELOGIN_COMPATIBILITY_MODE: v4
#            RELAY_HOST: test-relay-server:587
#            RELAY_HOST_USERNAME: myusername
#            RELAY_HOST_PASSWORD: mypassword
        volumes:
            - certs:/mnt/certs
        networks:
            - sl-network
        depends_on:
            - postgres
            - certgen

# Edit: I added relevant info about the network conf, because the email comes from 10.0.0.1
networks:
    sl-network:
        ipam:
            config:
                - subnet: 10.0.0.0/24
                  gateway: 10.0.0.1

When I connect to port 25 to send an email from my computer with the command:

swaks --to mymail@proton.me --from test@mydomain.com --server mail.mydomain.com:25
=== Trying mail.mydomain.com:25...
=== Connected to mail.mydomain.com.
<-  220 mail.mydomain.com ESMTP Postfix
 -> EHLO desktop
<-  250-mail.mydomain.com
<-  250-PIPELINING
<-  250-SIZE 10240000
<-  250-VRFY
<-  250-ETRN
<-  250-ENHANCEDSTATUSCODES
<-  250-8BITMIME
<-  250-DSN
<-  250-SMTPUTF8
<-  250 CHUNKING
 -> MAIL FROM:<test@mydomain.com>
<-  250 2.1.0 Ok
 -> RCPT TO:<mymail@proton.me>
<-  250 2.1.5 Ok
 -> DATA
<-  354 End data with <CR><LF>.<CR><LF>
 -> Date: Sun, 22 Oct 2023 15:46:07 +0200
 -> To: mymail@proton.me
 -> From: test@mydomain.com
 -> Subject: test Sun, 22 Oct 2023 15:46:07 +0200
 -> Message-Id: <20231022154607.1128647@desktop>
 -> X-Mailer: swaks vDEVRELEASE jetmore.org/john/code/swaks/
 -> 
 -> This is a test mailing
 -> 
 -> 
 -> .
<-  250 2.0.0 Ok: queued as 86DFA2A5643
 -> QUIT
<-  221 2.0.0 Bye
=== Connection closed with remote host.

The email is sent without problems, so everyone can do it too. This is the sl-postfix log:

simple-login-sl-postfix-1  | Oct 22 13:46:07 mail postfix/smtpd[85]: connect from unknown[10.0.0.1]
simple-login-sl-postfix-1  | Oct 22 13:46:07 mail postfix/smtpd[85]: 86DFA2A5643: client=unknown[10.0.0.1]
simple-login-sl-postfix-1  | Oct 22 13:46:07 mail postfix/cleanup[88]: 86DFA2A5643: message-id=<20231022154607.1128647@desktop>
simple-login-sl-postfix-1  | Oct 22 13:46:07 mail postfix/qmgr[83]: 86DFA2A5643: from=<test@mydomain.com>, size=447, nrcpt=1 (queue active)
simple-login-sl-postfix-1  | Oct 22 13:46:07 mail postfix/smtpd[85]: disconnect from unknown[10.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
simple-login-sl-postfix-1  | Oct 22 13:46:16 mail postfix/smtp[89]: 86DFA2A5643: to=<mymail@proton.me>, relay=mail.protonmail.ch[185.70.42.128]:25, delay=8.8, delays=0.26/0/6.1/2.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4SD0396T4Pz7QQ5S)
simple-login-sl-postfix-1  | Oct 22 13:46:16 mail postfix/qmgr[83]: 86DFA2A5643: removed
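
Added example, not part of the original issue or the project's code: a log check for the pattern visible above, where a message accepted from 10.0.0.1 (the `sl-network` gateway in the compose file) is delivered with `status=sent` to a recipient outside the local domain. It correlates the `smtpd`, `qmgr` and `smtp` lines by queue ID. The function name `find_relayed`, the short hex queue-ID format, and every sample line after the first message are assumptions made for illustration.

```python
import re
from collections import defaultdict

GATEWAY_IP = "10.0.0.1"           # gateway of sl-network in the compose file
LOCAL_DOMAINS = {"mydomain.com"}  # ALIASES_DEFAULT_DOMAIN in the compose file

# Short (hex) Postfix queue IDs, as in the issue's log; any line prefix is ignored.
QUEUE_LINE = re.compile(r"postfix/[\w/-]+\[\d+\]: ([0-9A-F]{6,}): (.*)$")
CLIENT = re.compile(r"client=\S*\[([0-9a-fA-F.:]+)\]")
SENDER = re.compile(r"from=<([^>]*)>")
DELIVERY = re.compile(r"to=<([^>]*)>.*\bstatus=(\w+)")

# Constructed sample: the first message mirrors the issue's log, the rest are invented.
SAMPLE_LOG = """\
simple-login-sl-postfix-1  | Oct 22 13:46:07 mail postfix/smtpd[85]: 86DFA2A5643: client=unknown[10.0.0.1]
simple-login-sl-postfix-1  | Oct 22 13:46:07 mail postfix/qmgr[83]: 86DFA2A5643: from=<test@mydomain.com>, size=447, nrcpt=1 (queue active)
simple-login-sl-postfix-1  | Oct 22 13:46:16 mail postfix/smtp[89]: 86DFA2A5643: to=<mymail@proton.me>, relay=mail.protonmail.ch[185.70.42.128]:25, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Oct 22 13:50:01 mail postfix/smtpd[91]: B1C2D3E4F50: client=unknown[10.0.0.1]
Oct 22 13:50:01 mail postfix/qmgr[83]: B1C2D3E4F50: from=<sender@example.org>, size=900, nrcpt=1 (queue active)
Oct 22 13:50:02 mail postfix/smtp[92]: B1C2D3E4F50: to=<alias@mydomain.com>, relay=sl-email[10.0.0.5]:25, dsn=2.0.0, status=sent (250 OK)
Oct 22 13:55:10 mail postfix/smtpd[93]: D00D0000002: client=unknown[10.0.0.1]
Oct 22 13:55:10 mail postfix/qmgr[83]: D00D0000002: from=<x@example.org>, size=500, nrcpt=1 (queue active)
Oct 22 13:55:12 mail postfix/smtp[94]: D00D0000002: to=<y@example.net>, relay=none, dsn=4.4.1, status=deferred (connection timed out)
"""

def find_relayed(log_text, gateway=GATEWAY_IP, local_domains=LOCAL_DOMAINS):
    """(queue_id, sender, recipient) for mail accepted from `gateway` and
    delivered (status=sent) to a recipient outside `local_domains`."""
    msgs = defaultdict(lambda: {"client": None, "sender": None, "sent": []})
    for line in log_text.splitlines():
        m = QUEUE_LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        if c := CLIENT.match(rest):
            msgs[qid]["client"] = c.group(1)
        elif s := SENDER.match(rest):
            msgs[qid]["sender"] = s.group(1)
        elif (d := DELIVERY.match(rest)) and d.group(2) == "sent":
            msgs[qid]["sent"].append(d.group(1))
    return [(qid, m["sender"], rcpt)
            for qid, m in msgs.items() if m["client"] == gateway
            for rcpt in m["sent"]
            if rcpt.rpartition("@")[2].lower() not in local_domains]

if __name__ == "__main__":
    for hit in find_relayed(SAMPLE_LOG):
        print("relayed via gateway address:", hit)
```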