Submitted by arjones85 on Thu, 01/20/2011 - 19:55
When mail is disabled for a particular domain, options that are mail-only are still shown when you click on "Edit FTP Users", such as "Additional email address" and "Login Permissions" showing "Mail" in the drop down box.
Also, it appears that these FTP users are still able to send and receive (or at least authenticate against the pop server) mail even though "Mail for Domain" is turned off. They authenticate against Postfix/saslauthd as if this option was never disabled and are able to send mail. Is this by design? What does disabling the Mail for Domain feature actually disable?
Status:
Active
Comments
Submitted by Locutus on Fri, 01/21/2011 - 12:18 Comment #1
As far as I understand it, disabling it just turns off mail reception for the domain, as in creation of the necessary "virtual domains" table entries in Postfix. Local users (and domain owners / FTP users are such) can always authenticate and send out email. (Of course that can be changed directly in the Webmin Postfix module.)
For the server owner that's useful too I suppose - if they have web code installed that needs to send out email, e.g. for user registration - even if the domain is not supposed to receive email. FTP users though I guess should not be able to send email if you tell Virtualmin that they mustn't...
Submitted by JamieCameron on Fri, 01/21/2011 - 13:03 Comment #2
Yes, this is by design .. the "primary email address" option just controls if their username@domain.com address is active. It is possible for a user to have email addresses other than this, and to send and download email regardless..
Submitted by Locutus on Fri, 01/21/2011 - 18:35 Comment #3
@Jamie: If I understood the original post correctly, the FTP users the customer has defined can still connect to Postfix to send mail, even though the "Mail for Domain" feature is disabled.
Submitted by arjones85 on Sat, 01/22/2011 - 00:20 Comment #4
This is correct, tested and confirmed. The FTP users created after I disabled mail for that domain could still authenticate against the server and send mail.
In my opinion, the only account that should be permitted to send mail with "Mail for Domain" disabled is the primary user account that owns the domain.
Submitted by JamieCameron on Sat, 01/22/2011 - 00:21 Comment #5
Unfortunately, Postfix doesn't have any way to implement this that I know of - any user on the system can send mail, but only those in domains for which mail is enabled can receive it.
Submitted by Locutus on Sat, 01/22/2011 - 08:17 Comment #6
In my opinion, from a security point of view, that's not critical.
If a user has FTP access, they probably have access to some part of the web page. Which means, if in doubt, they can install some script that sends mail on behalf of the server owner or web server account, which is always allowed to send out mail, or which can even directly connect to destination mail servers.
In other words, giving a user FTP access is a considerably greater "security clearance" than allowing them to send email. :)