Yesterday I discovered thousands of mail being sent through the mailserver of one of mine VPS systems.
So I did some digging and checked the logs, however, I did not see any authentication in the logs.
Then I did a test in my mailclient (Outlouk). What I discovered is that I could sent mails over my mailserver, without authentication! For receiving I need authentication, but not for sending.
Then I thought, maybe the incoming mail authentication is being transported to the outgoing mail settings in my mailclient (Outlouk), however, when I just check outgoing mail (even when I change my password, etc), it still succeeds according to the Outlouk test.
So I checked my config of postfix and compared to some on the iternet, and found lots of speculating about this setting:
Mine value was: permit_mynetworks permit_sasl_authenticated reject_unauth_destination
Then I changed this to permit_mynetworks permit_sasl_authenticated reject
Now I needed the outgoing mailserver verification, however, I wasn’t able to receive mail anymore from certain domains (in this case tested with Office 365).
So I’m a little lost here. I couldn’t find any conclusive guide on the correct / safe settings (even just to begin with) so I don’t know where my settings are wrong. Hopefully someone can share his postfix configuration so I can check it out.