I can send it to everyone like spoofing


Hello to neth community!
I will use the subject as a colleague.
Right now I have a serious problem;
I have installed netserver latest version 7.5 with postfix on it.
I use a Thunderbird email client and send a letter from another email server by choosing “customize from address” and writing random@mynethserver.com and sending it successfully through which address I decide.

Тhe problem resembles that… " * SystemUserRecipientStatus {enabled,disabled} enabled , accept from any network the recipient addresses formed by user account names and domain part localhost , localhost.<domainname> and FQDN hostname." but in my config is disable…

In the previous version 7.4 I have not encountered a similar problem.
How can I stop this?
Best regards!

This is the NethServer sender policy: once authenticated the client can set any sender.

I don’t think this is related to the sender policy

The sender policy didn’t change since 7.3!

Could you provide an example with some maillog excerpts? Maybe I didn’t understand your issue!

They seem two distinct issues

I have standard 7.5 nethserver and configured as an email server - mail.mynethserver.com
I have Thunderbird mail client on windows with another email account, for example another_mail@anotheremailserver.com.
When sending a letter from a Thunderbird, I have the option to change the recipient via “customize from address” where I enter everything@mynethserver.com and I can send it to everyone like spoofing. No logging info in logviewer… :frowning:

Hi @Tyno,

as @davidep wrote:

But there’s a feature request with a solution for your issue that seems to work with Thunderbird (but not with other mail webapps like Roundcube or Webtop):


AFAIK the latest version of Webtop should allow user authentication for outgoing mail

These should be the commands to enable outgoing authentication on webtop:


But I haven’t tried.

1 Like