Stopping Postfix sending local mail to other virtualhost
I am running Ubuntu 10.04 LTS with Postfix/Dovecot and ISPConfig.
I have 3 virtual domains setup on my Linode. Each with it's own set of email accounts.
When configuring Outlook to access/test these accounts, I noticed that I could sometimes send mails without using the right account password. It took me a little while to figure out what's happening.
Without a password, my mail server WILL NOT send to domains/destinations that are not local to my linode. An error message is generated. That's good.
However, I found that I could send emails from one of my virtual domains to another one of my virtual domains without needing a password. NOT GOOD. Yes they are local, but they could belong to someone else who doesn't appreciate spam and might get offended. ClamAV is able to detect (presumably through a malformed header or something) these emails and adds SPAM to the subject, so it's possible to detect these emails. But how do you stop them going out in the first place.
I have SSL configured on my server, but don't necessarily want to force all clients to use it for their emails.
You could set up two completely different servers: one to handle outgoing mail (SMTP), one to handle incoming mail (IMAP). There would be no local mailboxes on the outgoing mail server, so all mail would require authentication. (However, the incoming mail server would still accept mail without authentication, of course.)
Also, if your local users are sending out spam that might offend your other local users, just wait until the rest of the Internet gets mail from them.
thnx for your comments. I have a single linode at the moment, so my server will have to do both.
I've got ClamAV installed, which marks these emails with 'SPAM'.
I'm about to implement a few guides I found at HowToForge on how to improve anti-spam performance. They include the use of GreyList.
How is everyone else handling this problem? Any other tips?
Any other tips?
Yes, avoid HowtoForge like the plague.
The only advice they offer is bad.
There are zillions of good sysadmin blogs that tell you the correct way to setup things, Howtoforge isn't one of them.