Hi,
I have a postfix-3.1.4 system with a few hundred people using the
submission service. One of the accounts was recently compromised, and
started sending mail as fake users in the same domain. How can I
prevent this?

In other words, if the sasl_username is alice, I'd like to restrict
the envelope sender and From address to only legitimate accounts
belonging to that sasl user.

Feb 18 03:50:12 email1 postfix/submission/smtpd[16511]: 2B76FA3D19CBD: client=unknown[195.228.173.187], sasl_method=PLAIN, sasl_username=alice
Feb 18 03:50:12 email1 postfix/qmgr[5576]: 2B76FA3D19CBD: from=<geo...@example.com>, size=836, nrcpt=2 (queue active)
Feb 18 03:50:12 email1 postfix/cleanup[13987]: 2B76FA3D19CBD: message-id=<32e0ec46-15b7-4fac-cac4-ee0338749...@example.com>
Feb 18 03:50:13 email1 postfix/smtp[16254]: 2B76FA3D19CBD: to=<taochen2...@u.northwestern.edu>, relay=aspmx.l.google.com[74.125.29.27]:25, delay=1.2, delays=0.47/0/0.24/0.49, dsn=2.0.0, status=sent (250 2.0.0 OK 1518943813 o21si7120882qtc.256 - gsmtp)

I have the following configuration relating to submission:

submission_overrides = no_unknown_recipient_checks, no_header_body_checks

submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o receive_override_options=$submission_overrides
  -o syslog_name=postfix/submission

Are there other changes I should make to limit or prevent this type of
account abuse?
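The abuse pattern in the log above (sasl_username=alice, envelope from a different user) can be spotted after the fact by joining the submission smtpd record with the qmgr record on the queue ID and checking the sender against a table of which logins own which addresses; Postfix itself enforces that same table at SMTP time via smtpd_sender_login_maps with reject_sender_login_mismatch. The script below is an added example, not from the original post or from Postfix; its log lines, owner table and RFC 5737 client addresses are constructed to match the format shown in the post.

```python
import re

# Constructed sample mail.log lines in the same format as the post's log
# (queue IDs, logins, senders and 192.0.2.x client addresses are made up).
SAMPLE_LOG = """\
Feb 18 03:50:12 email1 postfix/submission/smtpd[16511]: 2B76FA3D19CBD: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Feb 18 03:50:12 email1 postfix/qmgr[5576]: 2B76FA3D19CBD: from=<george@example.com>, size=836, nrcpt=2 (queue active)
Feb 18 03:51:02 email1 postfix/submission/smtpd[16512]: 3C87FB4E2ADCE: client=unknown[192.0.2.11], sasl_method=PLAIN, sasl_username=bob
Feb 18 03:51:02 email1 postfix/qmgr[5576]: 3C87FB4E2ADCE: from=<bob@example.com>, size=512, nrcpt=1 (queue active)
Feb 18 03:52:30 email1 postfix/submission/smtpd[16513]: 4D98FC5F3BEDF: client=unknown[192.0.2.12], sasl_method=PLAIN, sasl_username=alice
Feb 18 03:52:30 email1 postfix/qmgr[5576]: 4D98FC5F3BEDF: from=<alice.smith@example.com>, size=700, nrcpt=1 (queue active)
"""

# Constructed owner table: envelope sender -> SASL logins allowed to use it.
# This is the relationship a Postfix smtpd_sender_login_maps table expresses.
SENDER_LOGIN_MAP = {
    "alice@example.com": {"alice"},
    "alice.smith@example.com": {"alice"},
    "bob@example.com": {"bob"},
}

SASL_RE = re.compile(
    r"postfix/submission/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=.*sasl_username=(?P<user>\S+)")
FROM_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")


def correlate(log_text):
    """Join the smtpd (login) and qmgr (envelope sender) records on queue ID.
    Returns a list of (queue_id, sasl_username, sender) tuples."""
    logins, senders = {}, {}
    for line in log_text.splitlines():
        m = SASL_RE.search(line)
        if m:
            logins[m["qid"]] = m["user"]
            continue
        m = FROM_RE.search(line)
        if m:
            senders[m["qid"]] = m["sender"].lower()
    return [(qid, logins[qid], senders[qid]) for qid in logins if qid in senders]


def find_mismatches(log_text, owner_map=SENDER_LOGIN_MAP):
    """Messages whose authenticated login does not own the envelope sender.
    A sender absent from the table is also a mismatch for an authenticated
    client, which is how reject_sender_login_mismatch treats it."""
    return [(qid, user, sender) for qid, user, sender in correlate(log_text)
            if user not in owner_map.get(sender, set())]


if __name__ == "__main__":
    for qid, user, sender in find_mismatches(SAMPLE_LOG):
        print(f"{qid}: login {user} sent as {sender}")
```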
