[TriLUG] Postfix, Thunderbird and Submission

Aaron Schrab aaron at schrab.com
Tue Nov 29 20:32:53 EST 2011

At 10:57 -0500 28 Nov 2011, Alan Porter <porter at trilug.org> wrote:
>You may also want to look at how pilot is configured.
>The postfix config files should be readable by all.

I've now taken a look at the postfix config on pilot, and I see that the 
submission service isn't set up how it's supposed to be.  The policy for 
it is the same as for port 25, allowing unauthenticated clients to send 
messages to any address served by pilot.

The main point of using a separate port for message submission is that 
it should only accept messages from permitted clients, preferably by 
authenticating the client although allowing a local network should also 
be acceptable in some cases.  This allows ISPs to filter connections to 
port 25 from their client network to prevent their customers' computers 
from being used to relay spam bypassing mail servers that would be 
better able to detect that pattern of abuse.

By allowing unauthenticated messages to be delivered via port 587, this 
protection is somewhat reduced.  It isn't completely eliminated since I 
doubt if much spamming software would actually try to deliver this way, 
but if this misconfiguration becomes common the likelihood of that would 
increase.  It also doesn't really help anybody trying to run a 
legitimate mail server from behind such a filter, since they're unlikely 
to try this type of delivery even if it were to become commonly allowed.

It should be simple to fix the config on pilot by adding

	-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

to the configuration of the submission service in master.cf.  It may be 
desirable to include permit_mynetworks in there as well, but I doubt 
that it would be necessary.

I also noticed that the unix-domain smtp service is defined twice in 
master.cf, the first time with chroot disabled, the second time with 
chroot allowed which appears to be the normal configuration for that.
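
Added example, not part of the original post and not pilot's actual configuration: a small Python audit of a master.cf that reports the two issues described above, a submission service with no authenticating smtpd_recipient_restrictions override and a service defined twice. The sample file is constructed, the function names are hypothetical, and the check assumes the service is named submission or 587 and uses the plain "-o name=value" form.

```python
# Constructed sample for illustration; not pilot's actual master.cf.
SAMPLE_MASTER_CF = """\
smtp       inet  n  -  -  -  -  smtpd
submission inet  n  -  -  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
smtp       unix  -  -  n  -  -  smtp
# second definition of the same service, chroot left at the default
smtp       unix  -  -  -  -  -  smtp
"""

def parse_master_cf(text):
    """Join continuation lines, then split each entry into its fields."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues an entry
        else:
            logical.append(raw.strip())
    entries = []
    for line in logical:
        f = line.split()  # service type private unpriv chroot wakeup maxproc command args...
        if len(f) < 8:
            continue  # not a complete service entry
        args, overrides = f[8:], {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:  # "-o name=value", no spaces around "="
                name, _, val = value.partition("=")
                overrides[name] = val
        entries.append({"service": f[0], "type": f[1], "chroot": f[4], "overrides": overrides})
    return entries

def audit(text):
    """Return findings for the two issues described in the post."""
    findings, seen = [], {}
    for e in parse_master_cf(text):
        key = (e["service"], e["type"])
        if key in seen:
            findings.append("duplicate %s/%s: chroot '%s' then '%s'" % (key + (seen[key], e["chroot"])))
        seen.setdefault(key, e["chroot"])
        if key in (("submission", "inet"), ("587", "inet")):
            rules = e["overrides"].get("smtpd_recipient_restrictions", "").replace(",", " ").split()
            if "permit_sasl_authenticated" not in rules or rules[-1:] != ["reject"]:
                findings.append("submission: no override ending in reject after permit_sasl_authenticated")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MASTER_CF):
        print(finding)
```

An override written with spaces around the "=" is not recognised by this parser, so it is reported the same way as a missing override.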
