Hi, I have a postfix-3.1.4 system with a few hundred people using the submission service. One of the accounts was recently compromised, and started sending mail as fake users in the same domain. How can I prevent this?
In other words, if the sasl_username is alice, I'd like to restrict the envelope sender and From address to only legitimate accounts belonging to that sasl user.

Feb 18 03:50:12 email1 postfix/submission/smtpd[16511]: 2B76FA3D19CBD: client=unknown[195.228.173.187], sasl_method=PLAIN, sasl_username=alice
Feb 18 03:50:12 email1 postfix/qmgr[5576]: 2B76FA3D19CBD: from=<geo...@example.com>, size=836, nrcpt=2 (queue active)
Feb 18 03:50:12 email1 postfix/cleanup[13987]: 2B76FA3D19CBD: message-id=<32e0ec46-15b7-4fac-cac4-ee0338749...@example.com>
Feb 18 03:50:13 email1 postfix/smtp[16254]: 2B76FA3D19CBD: to=<taochen2...@u.northwestern.edu>, relay=aspmx.l.google.com[74.125.29.27]:25, delay=1.2, delays=0.47/0/0.24/0.49, dsn=2.0.0, status=sent (250 2.0.0 OK 1518943813 o21si7120882qtc.256 - gsmtp)

I have the following configuration relating to submission:

submission_overrides = no_unknown_recipient_checks, no_header_body_checks

submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o receive_override_options=$submission_overrides
  -o syslog_name=postfix/submission

Are there other changes I should make to limit or prevent this type of account abuse?
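
One way to audit existing logs for the pattern described above, as an added example that is not part of the original post: the script pairs each smtpd line carrying a sasl_username with the qmgr from= line that shares its queue ID, and reports envelope senders outside an allowed set. The log lines, the ALLOWED table and the function name are constructed for illustration; it checks the envelope sender only, not the From header.

```python
import re

# Constructed sample lines in the same format as the log excerpt in the post.
SAMPLE_LOG = """\
Feb 18 03:50:12 email1 postfix/submission/smtpd[16511]: A1B2C3D4E5F60: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Feb 18 03:50:12 email1 postfix/qmgr[5576]: A1B2C3D4E5F60: from=<mallory@example.com>, size=836, nrcpt=2 (queue active)
Feb 18 03:51:40 email1 postfix/submission/smtpd[16511]: B2C3D4E5F60A1: client=unknown[192.0.2.11], sasl_method=PLAIN, sasl_username=bob
Feb 18 03:51:40 email1 postfix/qmgr[5576]: B2C3D4E5F60A1: from=<bob@example.com>, size=912, nrcpt=1 (queue active)
Feb 18 03:52:05 email1 postfix/smtpd[16600]: C3D4E5F60A1B2: client=mx.example.net[198.51.100.7]
Feb 18 03:52:05 email1 postfix/qmgr[5576]: C3D4E5F60A1B2: from=<carol@example.net>, size=500, nrcpt=1 (queue active)
"""

# Hypothetical mapping: SASL login -> envelope senders that login may use.
ALLOWED = {
    "alice": {"alice@example.com"},
    "bob": {"bob@example.com"},
}

# smtpd logs the queue ID together with the authenticated login name.
SASL_RE = re.compile(
    r"smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): client=.*\bsasl_username=(?P<user>\S+)")
# qmgr logs the envelope sender under the same queue ID.
FROM_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): from=<(?P<sender>[^>]*)>")


def find_sender_mismatches(log_text, allowed):
    """Return (queue_id, sasl_username, envelope_sender) for each authenticated
    message whose envelope sender is not listed for that login."""
    sasl_user = {}   # queue ID -> SASL login seen on the smtpd line
    seen = set()     # qmgr repeats from= on retries; report each queue ID once
    findings = []
    for line in log_text.splitlines():
        m = SASL_RE.search(line)
        if m:
            sasl_user[m["qid"]] = m["user"]
            continue
        m = FROM_RE.search(line)
        if m and m["qid"] in sasl_user and m["qid"] not in seen:
            seen.add(m["qid"])
            user, sender = sasl_user[m["qid"]], m["sender"].lower()
            # A login missing from the table has no allowed senders at all.
            if sender not in allowed.get(user, set()):
                findings.append((m["qid"], user, sender))
    return findings


if __name__ == "__main__":
    for qid, user, sender in find_sender_mismatches(SAMPLE_LOG, ALLOWED):
        print(f"{qid}: login {user!r} sent as <{sender}>")
```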