
This adds some security by accepting only a valid email / alias address for the login.

It was possible to send mail as invalid@gmail.com even though the login was troll@spam.site

Now only a valid email / alias for the login is allowed: valid@alias.email logged in as user@domain.tld

It's recommended to change HowtoForge installation tutorials regarding /etc/postfix/master.cf:

submission inet n       -       y       -       -       smtpd
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#uncomment below line for mandatory STARTTLS on TCP port 587
# -o smtpd_tls_security_level=encrypt
smtps     inet  n       -       y       -       -       smtpd
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o smtpd_tls_wrappermode=yes

Here I explain why I recommend removing the lines below from /etc/postfix/master.cf:

#this is already defined in /etc/postfix/main.cf
 -o smtpd_sasl_auth_enable=yes
#these are just for logging, not needed
 -o syslog_name=postfix/smtps
 -o syslog_name=postfix/submission
#this is already defined in /etc/postfix/main.cf as MAY, which is perfectly fine
 -o smtpd_tls_security_level=encrypt

Note: tested on a production email server, everything worked fine including DKIM signing.

Edited by Marius Burkard
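
An added example, not part of the merge request or of ISPConfig: a small Python audit that parses master.cf text and compares the submission and smtps entries with the ones recommended above. It assumes overrides are written in the `-o name=value` form and does not read main.cf, so `tls_forced` only reflects what master.cf itself enforces; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the two entries recommended above, STARTTLS line left commented.
SAMPLE_MASTER_CF = """\
submission inet n       -       y       -       -       smtpd
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#uncomment below line for mandatory STARTTLS on TCP port 587
# -o smtpd_tls_security_level=encrypt
smtps     inet  n       -       y       -       -       smtpd
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o smtpd_tls_wrappermode=yes
"""

OVERRIDE = re.compile(r"-o\s+([A-Za-z0-9_]+)=(\S+)")   # "-o name=value" form only
REQUIRED = ("smtpd_client_restrictions", "permit_sasl_authenticated,reject")
REDUNDANT = {"smtpd_sasl_auth_enable", "syslog_name"}  # listed above for removal


def parse_master_cf(text):
    """Map each service name to the -o overrides attached to it."""
    services, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                       # blank line or comment
        if not line[0].isspace():          # a service entry starts in column 1
            name = line.split()[0]
            services[name] = {}
        if name is not None:               # entry line or indented continuation
            services[name].update(OVERRIDE.findall(line))
    return services


def audit(text, services=("submission", "smtps")):
    """Report deviations from the recommended entries, per service."""
    parsed, report = parse_master_cf(text), {}
    for svc in services:
        opts = parsed.get(svc)
        if opts is None:
            report[svc] = {"findings": ["service not defined"], "tls_forced": False}
            continue
        findings = []
        if opts.get(REQUIRED[0]) != REQUIRED[1]:
            findings.append("missing %s=%s" % REQUIRED)
        findings += ["redundant override: " + k for k in sorted(REDUNDANT & opts.keys())]
        # TLS is forced by master.cf itself only in wrapper mode or with level=encrypt.
        forced = (opts.get("smtpd_tls_wrappermode") == "yes"
                  or opts.get("smtpd_tls_security_level") == "encrypt")
        report[svc] = {"findings": findings, "tls_forced": forced}
    return report


if __name__ == "__main__":
    for svc, result in audit(SAMPLE_MASTER_CF).items():
        print(svc, result)
```

A `tls_forced` value of False for submission means STARTTLS on port 587 depends entirely on the level set in main.cf.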
