On Wed, 7 Jan 2009 21:10:57 -0800 Jeff Weinberger <j...@jweinberger.homeip.net> wrote:
> 1) using the controls in postfix, is it possible to prevent authenticated
> users from using port 25 to submit mail? Is there a construct that would do
> that without interfering with incoming mail from anywhere?

Your smtpd_recipient_restrictions...

Right now they're probably the same for the smtpd daemons listening on ports 25 and 587 and they include one or more "permit_*" directives, probably "permit_mynetworks" and "permit_sasl_authenticated". You'll remove those permit_* restrictions, except possibly "permit_mynetworks", from main.cf and replace them with an override ("-o" switch) on the submission service in master.cf.

submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

> 2) even if it's possible, it is advisable (I know no one is shy about
> offering opinions here, and I hope if you have one, you'll voice
> it :) )?

It's an extension of a great security model, but one of the things that makes that model work is that it has been made easy to implement. It's possible to break things like scripts that need to send mail off the server with a fairly insignificant gain in security. It's not hard to do, but you do need to know the system well to do it because it's at least 2 steps off from any of the documented deployment recipes.

I'd do it for a small hobby server like mine just because it's my idea of a good time. I'd also do it for corporate situations where "mynetworks" includes machines that aren't in a room with a lock on the door, but not if it meant reconfiguring every PHP app and shell script that sends mail out of the company to authenticate itself.

Chris Babcock
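A way to check the split described in the reply above, as an added example that is not part of the original message and not Postfix's own tooling: it computes the effective restriction lists of each smtpd service (main.cf values overridden by master.cf "-o" switches) and reports which services still accept authenticated submission. The sample main.cf and master.cf text is constructed, the function names are hypothetical, and only the "-o name=value" override form is handled.

```python
import re

# Constructed sample configuration, laid out as the reply suggests.
MAIN_CF = """\
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination
"""
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
"""

def logical_lines(text):
    """Drop blanks/comments; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def smtpd_services(master_text, main_text):
    """Map each smtpd service name to its effective parameters."""
    base = {}
    for line in logical_lines(main_text):
        name, _, value = line.partition("=")
        base[name.strip()] = value.strip()
    services = {}
    for line in logical_lines(master_text):
        fields = line.split()
        if len(fields) < 8 or fields[7] != "smtpd":
            continue  # eighth column is the command; other daemons skipped
        eff, args = dict(base), fields[8:]
        for i, arg in enumerate(args[:-1]):
            if arg == "-o":  # a per-service override wins over main.cf
                key, _, value = args[i + 1].partition("=")
                eff[key] = value
        services[fields[0]] = eff
    return services

def sasl_permitting_services(master_text, main_text):
    """Sorted names of smtpd services that permit authenticated senders."""
    hits = []
    for name, eff in smtpd_services(master_text, main_text).items():
        lists = " ".join(v for k, v in eff.items() if k.endswith("_restrictions"))
        if "permit_sasl_authenticated" in re.split(r"[,\s]+", lists):
            hits.append(name)
    return sorted(hits)
```

With the layout from the reply only "submission" is reported; if "smtp" also appears, permit_sasl_authenticated is still being inherited from main.cf on port 25.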