structural description
- Server A runs postfix and acts as smarthost for server B (also running postfix), reject_authenticated_sender_login_mismatch is set and works (almost) as expected, see below
- Client C's MUA sends mails via Server A
- B and C both connect via submission port and authenticate with STARTTLS
what happens when trying to forge sender
- Setting an arbitrary FROM: header by changing the sender address in thunderbird or adding a new identity in roundcube leads to the expected result: the mail is declined
- doing the same using
  mail -s "This is a Subject" -a "From: forged_address@example.net"
  on Server B using A as Smarthost results in successfully sending the mail
observed differences
The following was observed by increasing the verbosity of postfix' smtpd
- thunderbird and roundcube login and then directly set the FROM: to an accepted value
- Server B starts in the same way but somehow manages to change the FROM: header afterwards. This cannot be seen in postfix smtpd logfile but in the mail which is finally sent:

    Return-Path: <valid_address@example.com>
    Delivered-To: herrhannes@example.com
    Received: from mail.example.com by mail.example.com (Dovecot) with LMTP id UuV2IVaP3lvdKAAAEby5rg for <herrhannes@example.com>; Sun, 04 Nov 2018 07:19:02 +0100
    To: herrhannes@example.com
    Subject: This is a Subject
    From: forged_address@example.com
    MIME-Version: 1.0
    Content-Type: text/plain; charset="UTF-8"
    Content-Transfer-Encoding: 8bit
    Message-Id: <20181104061902.15A9F4A9@debian.example.com>
    Date: Sun, 4 Nov 2018 07:19:02 +0100 (CET)
    Authentication-Results: ORIGINATING; auth=pass smtp.auth=valid_address@example.com smtp.mailfrom=valid_address@example.com

    body of your email

- at least it is not (as opposed to valid mails) DKIM signed
- This is not spam, I just do not want that "everybody" is able to forge sender addresses
questions
- Why does this happen?
- More important: What can I do to prevent it happening?
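
The quoted headers show Return-Path and smtp.mailfrom matching the login while From: differs, and Postfix documents its sender/login mismatch restrictions as checks on the MAIL FROM (envelope) address. As an added example that is not part of the original post, this Python check compares the From: header against the authenticated login; the ALLOWED table and the function names are assumptions, and SAMPLE is constructed from the headers quoted above.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed input: a subset of the headers quoted in the post.
SAMPLE = (
    "Return-Path: <valid_address@example.com>\n"
    "To: herrhannes@example.com\n"
    "Subject: This is a Subject\n"
    "From: forged_address@example.com\n"
    "Authentication-Results: ORIGINATING; auth=pass"
    " smtp.auth=valid_address@example.com"
    " smtp.mailfrom=valid_address@example.com\n"
    "\n"
    "body of your email\n"
)

# Hypothetical policy table: SASL login -> addresses it may use in From:.
ALLOWED = {"valid_address@example.com": {"valid_address@example.com"}}


def auth_result(msg, key):
    """Pull one 'key=value' property out of Authentication-Results."""
    header = msg.get("Authentication-Results", "")
    m = re.search(r"\b" + re.escape(key) + r"=([^\s;]+)", header)
    return m.group(1).lower() if m else None


def check_header_from(raw, allowed=ALLOWED):
    """Return a list of findings; an empty list means From: is aligned."""
    msg = message_from_string(raw)
    login = auth_result(msg, "smtp.auth")
    mailfrom = auth_result(msg, "smtp.mailfrom")
    # get_all + getaddresses also catches repeated From: headers and
    # several mailboxes inside one header.
    froms = [a.lower() for _, a in getaddresses(msg.get_all("From", [])) if a]
    if login is None:
        return ["no smtp.auth in Authentication-Results, cannot evaluate"]
    findings = []
    if len(froms) != 1:
        findings.append(f"expected exactly one From: address, got {len(froms)}")
    for addr in froms:
        if addr not in allowed.get(login, set()):
            findings.append(f"From: {addr} not permitted for login {login}")
    if mailfrom and mailfrom not in froms:
        findings.append(f"envelope sender {mailfrom} differs from From: {froms}")
    return findings
```

Calling `check_header_from(SAMPLE)` returns two findings for the message in the post: the From: address is not permitted for the login, and it differs from the envelope sender.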