I recently migrated from Courier to Dovecot. The main guide I followed for configuring Postfix + MySQL + Dovecot was this one: https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql
Everything works perfectly, but when I change the mail address in the mail client, leaving the correct login and password for the servers, and send an email with that fake mail (and domain) address, Postfix just sends it, without verifying if that email address existed in the database and without verifying if that email address was even mine.
So, there must be something wrong with my SMTP configuration. This is my actual configuration:
```
# Requirements for the sender details
smtpd_reject_unlisted_sender = yes
smtpd_reject_unlisted_recipient = yes
smtpd_sender_restrictions =
    warn_if_reject,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unauth_pipelining,
    reject_unlisted_sender,
    reject_unverified_sender,
    permit
# Requirements for the connecting server
smtpd_client_restrictions =
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client bl.spamcop.net,
    permit
# Requirement for the recipient address
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_unlisted_recipient,
    reject_unverified_recipient,
    check_policy_service inet:127.0.0.1:10023,
    permit
smtpd_data_restrictions =
    reject_unauth_pipelining
# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
isable_vrfy_command = yes
```
Anyone?
The `reject_unlisted_sender` restriction listed in `smtpd_sender_restrictions` is listed after `permit_mynetworks` and `permit_sasl_authenticated`. Postfix traverses the restriction list in order and terminates when it hits the first permit/reject and hence never reaches `reject_unlisted_sender`. Since your message wasn't rejected by `reject_unauth_destination` it must've been accepted because of `permit_mynetworks` or `permit_sasl_authenticated`.

Additionally, unless the sender address you used had a domain part that was actually "owned" by Postfix (i.e. listed in `mydestination`, `virtual_mailbox_domains`, `virtual_alias_domains`, or `relay_domains`), it can't be validated and `reject_unlisted_sender` won't work. See details in the postconf(5) man page.

Other observations:

- `warn_if_reject` restriction is placed before `permit_mynetworks`. Because the latter never rejects anything the `warn_if_reject` restriction serves no purpose.
- `reject_unlisted_recipient` and `reject_unlisted_sender`, setting `smtpd_reject_unlisted_sender` and `smtpd_reject_unlisted_recipient` isn't necessary.
- `permit` at the end of (nearly) every list is implicit and can be dropped.
- `disable_vrfy_command`.
- `smtpd_recipient_restrictions`. With `smtpd_delay_reject` enabled all restrictions will be evaluated at the recipient stage anyway, and a single list usually makes the configuration easier to understand.
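The first-match behaviour described in the answer above can be reproduced with a small model. This is an added example, not part of the original answer and not Postfix code: it models only three of the restrictions, and the domains, addresses, client IP and the `REORDERED` list are constructed for illustration.

```python
# Simplified model of first-match evaluation of a Postfix restriction list.
# Assumption: only the three restrictions discussed in the answer are modelled.

LOCAL_DOMAINS = {"example.org"}          # constructed: domains Postfix "owns"
KNOWN_ADDRESSES = {"alice@example.org"}  # constructed: addresses in the database
MYNETWORKS = {"127.0.0.1"}               # constructed: trusted client addresses


def permit_mynetworks(s):
    return "permit" if s["client_ip"] in MYNETWORKS else None


def permit_sasl_authenticated(s):
    return "permit" if s["sasl_user"] else None


def reject_unlisted_sender(s):
    domain = s["sender"].rpartition("@")[2]
    if domain not in LOCAL_DOMAINS:
        return None  # foreign domain: cannot be validated, no decision
    return None if s["sender"] in KNOWN_ADDRESSES else "reject"


def evaluate(restrictions, session):
    """Return (verdict, deciding restriction); stop at the first permit/reject."""
    for restriction in restrictions:
        verdict = restriction(session)
        if verdict:
            return verdict, restriction.__name__
    return "permit", "implicit permit"  # end of list reached without a decision


# Order as in the question's smtpd_sender_restrictions (other entries omitted).
AS_POSTED = [permit_mynetworks, permit_sasl_authenticated, reject_unlisted_sender]
# Hypothetical ordering that checks the sender before any permit_* entry.
REORDERED = [reject_unlisted_sender, permit_mynetworks, permit_sasl_authenticated]


def session(sender):
    """Constructed session: remote, SASL-authenticated client with a chosen sender."""
    return {"client_ip": "203.0.113.7", "sasl_user": "alice", "sender": sender}


if __name__ == "__main__":
    for sender in ("nobody@example.org", "ceo@example.net", "alice@example.org"):
        print(sender, evaluate(AS_POSTED, session(sender)),
              evaluate(REORDERED, session(sender)))
```

In the model, the reordered list rejects an unknown address in a local domain but still lets a foreign-domain sender through, matching the answer's point that such addresses cannot be validated.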