Author Topic: Security bug make postfix work as open relay for server domains  (Read 1901 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
I found a possible security bug in my servers and I think most of CWP users will have exactly the same problem.

It's possible to everyone send and email (at least via port 25) without use any username or password to every domain in the server used as host.

For example you have the server with hostname server.example.com, this server have multiple domain in it domain1.com, domain2.com, domain3.com.
If you send an email from other server via smtp and you use "server.example.com" as hosname, as email you can use what you want and you send an email to one of the domains hosted by the server for example domain1.com it is delivered without any problem.

This is a major security problem.
How can we prevent this?