SMTP Reject Login - How?


I have almost completed my setup of my domains now but I’m stuck on one last part; and that is SMTP authentication.

What I want to be able to do is to prevent any unknown user from sending emails via my SMTP. If I (or anyone) uses an unknown email/address to authenticate I would like it to fail. Right now, no matter what username and/or password I’m using via Outlook, I can send a test email even with a totally bogus email/username,, with or without a password which is totally insecure.

Could someone please explain which settings I need to change in order to get ALL unknown accounts/emails from connecting/authenticating in order to prevent my SMTP from being used as an open relay.

Any help, as always, greatly received!

Is this what you’re looking for?

Well, I’ll have a look at this but I was hoping it was something done internally using Virtualmin rather than messing with config files myself. I hate the stupid warning messages that Postfix sends out when you restart it in command line mode (the unknown directives “$mua_” etc…). I’m not sure if they are internal to Virtualmin and if they are, where are they stored so I can replace them?

In my experience, Webmin just reads from the standard service config files, so you should be fine manually editing. Of course, the guide can be useful to know what to set, and then you can go look for the appropriate thing in Webmin. Just a quick look now and Webmin->Servers->Postfix->SMTP Authentication And Encryption might be a good place to start. :slight_smile:

I’ve done all that and got my POP3 working correctly (under Dovecote) using SSL but I cannot for the life of me figure out how to configure SMTP to only accept authorised users either with or without SSL authentication. Right now I can’t even connect with my own legitimate emails but I think that’s as I have reject plain-text enabled, just to see if I could use SAP but that doesn’t work either.