On Tue, Jul 09, 2024 at 12:54:38PM +0100, Gilgongo via Postfix-users wrote:
> I've set up our mail server (with some help from this list, for which much
> thanks) to scan sasl-auth senders for spam and viruses with Amavis.
I am puzzled as to why you are linking SASL with content inspection.
You can enable content inspection on any submission service (including
local submission via: sendmail(1) -> postdrop(1) -> pickup(8) ->
cleanup(8)). SASL has nothing to do with it.
> I'd now like to make sure that rogue processes can't bypass those checks,
> particularly web servers (I already have PHP using msmtp to enforce
> well-behaved scripts to do that at least).
Just configure content inspection on all the submission pathways.
> My first thought was to start by firewalling off mail ports on the local
> machine to only allow processes owned by root or postfix.
Why? Just inspect the messages they submit, SASL is not required.
> Then make any non-root sending processes use smtp-auth to send out.
> But is there a better > way?
Postfix accepts mail via one of:
- Local submission via (ultimately) pickup(8), where you can specify
content_filters, a custom cleanup(8) instance with
non_smtpd_milters, ...
- Inbound mail smtpd(8) on TCP port 25.
- Submission via TCP on ports 465 and 587.
Any of these can perform access control (by user login name or uid
in the case of pickup), by message envelope and/or SASL credentials
in the case of the TCP services. Any of these can also arrange
for content inspection.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
