How to enable force SMTP authentication for telnet connection?

Created:

2016-11-16 13:06:58 UTC

Modified:

2017-04-24 11:57:19 UTC

0

Was this article helpful?


Have more questions?

Submit a request

How to enable force SMTP authentication for telnet connection?

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk 11.5 for Windows
  • Plesk 12.0 for Linux

Question

It is possible to send emails between local users via telnet utility without authentication.How to enable force SMTP authentication for telnet connection?

Answer

It can be done on per domain basis as follows:

  1. Create a file which contains the following data:
    # cat /etc/postfix/restrict_senders_domain
    example.com REJECT You are not approved to sent an unauthorized emails!

If the sender domain matches example.com domain and the sender in not authenticated then sending email will be prohibited.

  1. Add check_sender_access hash:/etc/postfix/access to smtpd_sender_restrictions parameter in /etc/postfix/main.cf configuration file:

    # grep smtpd_sender_restrictions /etc/postfix/main.cf
    smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/restrict_senders_domain
  2. To apply settings above execute the following commands:

    # postmap /etc/postfix/restrict_senders_domain
    # service postfix restart

After steps above attempt to send email on behalf of unauthorized and invalid user will be rejected:

    # telnet 10.20.30.40 25
Trying 10.20.30.40...
Connected to 10.20.30.40.
Escape character is '^]'.
220 server.hostname.com ESMTP Postfix (Ubuntu)
EHLO example.com
250-server.hostname.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: novaliduser@example.com
250 2.1.0 Ok
RCPT TO: validuser@example.com
554 5.7.1 <novaliduser@example.com>: Sender address rejected: You are not approved to sent an unauthorized emails!
quit
221 2.0.0 Bye
Connection closed by foreign host.
Have more questions? Submit a request
Please sign in to leave a comment.