On Aug 24, 2014, at 12:18 PM, D'Arcy J.M. Cain <da...@vex.net> wrote:

> On Sun, 24 Aug 2014 16:06:36 +0000
> Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>> Postfix 2.11 or later has a new feature:
>> 
>>    http://www.postfix.org/postconf.5.html#check_sasl_access
>> 
>> If your relay restrictions look like:
>> 
>>    main.cf:
>>      indexed = ${default_database_type}:${config_directory}/
>>      smtpd_relay_restrictions =
>>          check_sasl_access ${indexed}sasl-access,
>>          permit_sasl_authenticated,
>>          permit_mynetworks,
>>          reject_unauth_destination
>> 
>> (before any user account is compromised), then once an account
>> is hijacked:
>> 
>>    sasl-access:
>>      lu...@example.com REJECT 5.7.1 Your login is compromised.
> 
> This is a particularly good solution as it allows the user to continue
> receiving email so that you can send them a message explaining
> exactly what the problem is.

And I assume this can be sql-backed, correct?  So it should be easy
to build a web-based tool for staff to nuke/un-nuke an account once the
issue has been addressed.


Charles

> 
> -- 
> D'Arcy J.M. Cain
> System Administrator, Vex.Net
> http://www.Vex.Net/ IM:da...@vex.net
> VoIP: sip:da...@vex.net
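
An added example, not part of the original thread and not Postfix code: a minimal SQLite backend for the staff block/unblock tool discussed above, restricted to writing REJECT actions for check_sasl_access. The table, column and function names are hypothetical, and it assumes the Postfix SQL lookup map is configured to run the same SELECT as LOOKUP_QUERY.

```python
import sqlite3

# Hypothetical schema (not from the thread): one row per blocked SASL login.
SCHEMA = """CREATE TABLE IF NOT EXISTS sasl_access (
    login      TEXT PRIMARY KEY,
    action     TEXT NOT NULL,
    reason     TEXT NOT NULL,
    blocked_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)"""
# Assumption: the Postfix SQL map runs this same SELECT with its own key placeholder.
LOOKUP_QUERY = "SELECT action FROM sasl_access WHERE login = ?"
DEFAULT_ACTION = "REJECT 5.7.1 Your login is compromised."

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db

def _clean(value, what):
    value = value.strip()
    # Control characters (newlines included) must never reach the table.
    if not value or any(ord(c) < 32 or ord(c) == 127 for c in value):
        raise ValueError(f"invalid {what}")
    return value

def block(db, login, reason, action=DEFAULT_ACTION):
    action = _clean(action, "action")
    # The staff tool may only write REJECT, never OK or another permit action.
    if action.split()[0] != "REJECT":
        raise ValueError("only REJECT actions are allowed")
    with db:  # commit on success, roll back on error
        db.execute("INSERT OR REPLACE INTO sasl_access (login, action, reason) "
                   "VALUES (?, ?, ?)",
                   (_clean(login, "login"), action, _clean(reason, "reason")))

def unblock(db, login):
    with db:
        cur = db.execute("DELETE FROM sasl_access WHERE login = ?",
                         (_clean(login, "login"),))
    return cur.rowcount == 1

def lookup(db, login):
    # None means "no entry": Postfix moves on to the next restriction.
    row = db.execute(LOOKUP_QUERY, (login,)).fetchone()
    return row[0] if row else None
```

The reason and blocked_at columns are there so staff can see why and when a login was blocked before removing the entry.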
