Postfix allows unauthenticated users to send emails


Solution 1

It is because you might have tried to send mail from the server itself (i.e. telnet localhost 25), and in your smtpd_recipient_restrictions permit_mynetworks comes before permit_sasl_authenticated, so the clients listed in mynetworks (localhost in your case) need not authenticate. Rearrange the restrictions to achieve what you want.

More info: postfix docs

Edit 1:

Thanks for the telnet and postfix logs. Postfix will not require authentication to receive mails for the domains it handles under mydestination, relay_domains, virtual_alias_domains and virtual_mailbox_domains. Users will not be able to relay to external domains (i.e. the domains that are remote, e.g. gmail.com) unless they authenticate, and this is the expected behaviour.
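The first-match evaluation this answer describes, as an added example (not code from the original post or from Postfix). It models only three restrictions plus a final reject as one list; the domains, addresses and the `evaluate` helper are constructed for illustration.

```python
import ipaddress

# Assumptions (constructed): example.org stands in for the domains listed in
# mydestination / virtual_*_domains; mynetworks holds only localhost.
LOCAL_DOMAINS = {"example.org"}
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]

# Relevant part of the question's list, in the same order.
QUESTION_LIST = ["permit_mynetworks", "permit_sasl_authenticated",
                 "reject_unauth_destination"]


def evaluate(client_ip, authenticated, rcpt, restrictions=QUESTION_LIST):
    """Walk the list left to right; the first restriction that matches decides.

    Returns (action, deciding_restriction) for a single RCPT TO.
    """
    addr = ipaddress.ip_address(client_ip)
    domain = rcpt.rsplit("@", 1)[1].lower()
    for name in restrictions:
        if name == "permit_mynetworks":
            if any(addr in net for net in MYNETWORKS):
                return ("permit", name)
        elif name == "permit_sasl_authenticated":
            if authenticated:
                return ("permit", name)
        elif name == "reject_unauth_destination":
            # Rejects only when the recipient domain is not one we handle.
            if domain not in LOCAL_DOMAINS:
                return ("reject", name)
        elif name == "reject":
            return ("reject", name)
    # Nothing matched: Postfix accepts the recipient by default.
    return ("permit", "end of list")


if __name__ == "__main__":
    cases = [
        ("2001:db8::1", False, "user@example.org"),  # remote client, local rcpt
        ("2001:db8::1", False, "user@example.net"),  # remote client, relay try
        ("127.0.0.1", False, "user@example.net"),    # localhost, no auth needed
        ("2001:db8::1", True, "user@example.net"),   # authenticated relay
    ]
    for case in cases:
        print(case, "->", evaluate(*case))
```

The first case is the one in the question's telnet session: an unauthenticated remote client is accepted because the recipient is a domain the server itself handles.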

Solution 2

You can force users to authenticate before sending e-mails, changing not the main.conf but the master.conf, adding the check on submission, for example, and reject everything:

-o smtpd_relay_restrictions=permit_sasl_authenticated,reject

This was 4 years ago, but maybe it will help new people.

Author by

Kimmax

Updated on September 18, 2022

Comments

  • Kimmax
    Kimmax almost 2 years

    Hey, I set up Postfix to use the cyrus SASL implementation and I'm able to log in and send emails, but I can still telnet on port 25 and send mails even if I'm not authenticated, which I wish to deny.

    smtp_sasl part of my main.cf:

    smtpd_sasl_path = smtpd
    smtpd_sasl_type = cyrus
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unlisted_recipient, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client, sbl-xbl.spamhaus.org, reject_rbl_client, bl.spamcop.net, reject_rbl_client, list.dsbl.org, reject_rbl_client, rbl.mail-abuse.org, reject_rbl_client, spamsources.fabel.dk
    

    Full config here

    Did I forget something?

    Telnet Log:

    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.04.20 16:10:32 =~=~=~=~=~=~=~=~=~=~=~=
    220 the999ers.eu ESMTP Postfix (Debian/GNU)
    ehlo kim-nuernberger.eu
    250-the999ers.eu
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    MAIL FROM: [email protected]
    250 2.1.0 Ok
    RCPT TO: [email protected]
    DATA
    250 2.1.5 Ok
    354 End data with <CR><LF>.<CR><LF>
    Subject: test
    This is a test mail
    .
    250 2.0.0 Ok: queued as B82481DF1CE
    quit
    221 2.0.0 Bye
    

    This was captured from my local PC and I connected via my domain kim-nuernberger.eu.

    Postfix log (/var/log/mail.log)

    Apr 20 16:31:37 The999ers postfix/smtpd[16420]: connect from unknown[2a03:4000:2:206::1]
    Apr 20 16:31:57 The999ers postfix/smtpd[16420]: 25CED1DF1CE: client=unknown[2a03:4000:2:206::1]
    Apr 20 16:32:13 The999ers postfix/cleanup[16425]: 25CED1DF1CE: message-id=<[email protected]>
    Apr 20 16:32:13 The999ers postfix/qmgr[16407]: 25CED1DF1CE: from=<[email protected]>, size=385, nrcpt=1 (queue active)
    Apr 20 16:32:14 The999ers postfix/smtp[16426]: 25CED1DF1CE: to=<[email protected]>, orig_to=<[email protected]>, relay=mx4.hotmail.com[65.55.37.104]:25, delay=25, delays=23/0.01/0.47/1.1, dsn=2.0.0, status=sent (250  <[email protected]> Queued mail for delivery)
    Apr 20 16:32:14 The999ers postfix/qmgr[16407]: 25CED1DF1CE: removed
    Apr 20 16:32:14 The999ers postfix/smtpd[16420]: disconnect from unknown[2a03:4000:2:206::1]
    

    Note: I updated the log after fixing some unnecessary problems.

    • user1686
      user1686 about 10 years
      What address are you "telnetting" from, and to?
    • Kimmax
      Kimmax about 10 years
      @grawity I telnet from my local address to my domain, or did you mean something different?
  • Kimmax
    Kimmax about 10 years
    Well I open the telnet connection from my local pc and connect via the domain (kim-nuernberger.eu in this case) to the server, so this shouldn't happen, right?
  • clement
    clement about 10 years
    Can you give the IP address or its prefix of your local pc and your server?
  • Kimmax
    Kimmax about 10 years
    Even removing permit_mynetworks doesn't work at all..
  • clement
    clement about 10 years
    Can you update the question with the telnet command that worked and the postfix log lines generated for the same?
  • Kimmax
    Kimmax about 10 years
    Okay I added my local telnet log and the postfix log from the server.
  • clement
    clement about 10 years
    Hey, postfix will not require authentication to receive mails for the domains it handles under mydestination, relay_domains, virtual_alias_domains and virtual_mailbox_domains. Users will not be able to relay to external domains (i.e. the domains that are remote, e.g. gmail.com) unless they authenticate, and this is the expected behaviour.
  • Kimmax
    Kimmax about 10 years
    Okay I got it - I was sending mails to the server itself the whole time and didn't try another relay.. When you write a new answer I will accept it and give it the bounty. Thank you!
  • Kimmax
    Kimmax over 5 years
    Thanks for keeping the next one in mind :)
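A log check for the situation in the question's mail.log, as an added example (not code from the thread): it pairs each smtpd acceptance with its later outbound postfix/smtp delivery and lists messages that were accepted without a sasl_username and still left the server. The sample lines, hostnames and the `unauthenticated_outbound` helper are constructed.

```python
import re

# smtpd logs "QUEUEID: client=host[addr]" on acceptance and appends
# "sasl_method=..., sasl_username=..." when the session was authenticated.
ACCEPT = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=([^,\s]+)(.*)")
# Outbound deliveries are logged by postfix/smtp (not smtpd, local or virtual).
SENT = re.compile(
    r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>.*?relay=([^,\s]+).*status=sent")
SASL_USER = re.compile(r"sasl_username=(\S+)")

# Constructed sample log, shaped like the lines quoted in the question.
SAMPLE_LOG = """\
Apr 20 16:31:37 mx postfix/smtpd[100]: connect from unknown[2001:db8::1]
Apr 20 16:31:57 mx postfix/smtpd[100]: AAA111: client=unknown[2001:db8::1]
Apr 20 16:32:14 mx postfix/smtp[101]: AAA111: to=<bob@example.net>, orig_to=<alias@example.org>, relay=mx.example.net[192.0.2.10]:25, delay=1, dsn=2.0.0, status=sent (250 ok)
Apr 20 16:40:00 mx postfix/smtpd[100]: BBB222: client=unknown[2001:db8::2], sasl_method=PLAIN, sasl_username=kim
Apr 20 16:40:01 mx postfix/smtp[101]: BBB222: to=<carol@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1, dsn=2.0.0, status=sent (250 ok)
Apr 20 16:45:00 mx postfix/smtpd[100]: CCC333: client=unknown[2001:db8::3]
Apr 20 16:45:01 mx postfix/local[102]: CCC333: to=<dave@example.org>, relay=local, delay=1, dsn=2.0.0, status=sent (delivered to mailbox)
""".splitlines()


def unauthenticated_outbound(lines):
    """Return (queue_id, client, recipient, relay) for each message accepted
    without SASL authentication that was later delivered to a remote host."""
    accepted = {}   # queue id -> (client, sasl_username or None)
    findings = []
    for line in lines:
        m = ACCEPT.search(line)
        if m:
            qid, client, rest = m.groups()
            user = SASL_USER.search(rest)
            accepted[qid] = (client, user.group(1) if user else None)
            continue
        m = SENT.search(line)
        if m and m.group(1) in accepted:
            client, user = accepted[m.group(1)]
            if user is None:
                findings.append((m.group(1), client, m.group(2), m.group(3)))
    return findings


if __name__ == "__main__":
    for finding in unauthenticated_outbound(SAMPLE_LOG):
        print(finding)
```

A hit is a candidate for review rather than proof of an open relay: as the orig_to field in the question's log shows, mail for a local alias that forwards elsewhere produces the same pattern, as does mail from a client permitted by mynetworks.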