Hi,

On Mon, Feb 19, 2018 at 12:08 PM, Alex <mysqlstud...@gmail.com> wrote:
> Hi,
>
> On Mon, Feb 19, 2018 at 11:42 AM, Wietse Venema <wie...@porcupine.org> wrote:
>> Alex:
>>> Hi,
>>> I have a postfix-3.1.4 system with a few hundred people using the
>>> submission service. One of the accounts was recently compromised, and
>>> started sending mail as fake users in the same domain. How can I
>>> prevent this?
>>
>> See:
>> http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
>>
>> And use one of:
>> http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
>> http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch
>> http://www.postfix.org/postconf.5.html#reject_unauthenticated_sender_login_mismatch
>> http://www.postfix.org/postconf.5.html#reject_known_sender_login_mismatch
>
> Is an unauthenticated client one that simply has not logged in successfully?
>
> Would I be safest by just starting with reject_sender_login_mismatch?
> Guidance on which restriction should be used would be appreciated.
>
> I was thinking I would just modify the script that is used to add new
> users to also now add to this smtpd_sender_login_maps then rebuild the
> hash. Does that sound correct?
>
> smtpd_sender_restrictions = reject_sender_login_mismatch
> smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps
>
> /etc/postfix/sender_login_maps
> us...@sub.example.com, us...@sub.example.com, us...@sub.example.com

I've done a test using the settings provided above and realized some
authenticated users are using their Gmail account to send mail through
this system:

Feb 19 12:45:34 email1 postfix/submission/smtpd[2257]: NOQUEUE: reject: RCPT from unknown[65.158.206.234]: 553 5.7.1 <gmbwi...@gmail.com>: Sender address rejected: not owned by user user1; from=<gmbwi...@gmail.com> to=<spen...@icloud.com> proto=ESMTP helo=<Frontdesk>

I also tried a test with a list of every account from /etc/passwd with
the domain added as a comma-separated list in a hash of
/etc/postfix/sender_login_maps:

Feb 19 12:35:59 email1 postfix/submission/smtpd[29141]: NOQUEUE: reject: RCPT from 107-131-33-27.lightspeed.sntcca.sbcglobal.net[107.131.33.27]: 553 5.7.1 <us...@sub.example.com>: Sender address rejected: not owned by user user1; from=<us...@sub.example.com> to=<sara...@gmail.com> proto=ESMTP helo=<server>
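
Added example, not part of the original message or of Postfix: a simplified Python model of generating smtpd_sender_login_maps source from account rows and of the ownership lookup that reject_authenticated_sender_login_mismatch applies to a logged-in client. Each map line is a sender address (the key) followed by the SASL login names that own it; postmap takes the first whitespace-delimited token as the key, so a line that is only a comma-separated list of addresses produces a key ending in a comma that no sender address matches. The function names, the min_uid cutoff and the sample accounts are assumptions constructed for illustration.

```python
import re

# Constructed sample data (not from the thread).
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
"""
DOMAIN = "sub.example.com"

def build_map(passwd_text, domain, min_uid=1000):
    """Emit 'sender-address<TAB>owner-login', one line per account.
    min_uid is an assumed cutoff that skips system accounts."""
    rows = (r.split(":") for r in passwd_text.splitlines() if r.strip())
    return "".join(f"{f[0]}@{domain}\t{f[0]}\n" for f in rows if int(f[2]) >= min_uid)

def parse_map(text):
    """Simplified postmap-style parse: first token is the key, the rest is a
    list of login names separated by commas and/or whitespace."""
    table = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            parts = line.split(None, 1)
            value = parts[1] if len(parts) > 1 else ""
            table[parts[0].lower()] = [v for v in re.split(r"[,\s]+", value) if v]
    return table

def owners(table, sender, local_domains=()):
    """Lookup order: user@domain, then user (local domains only), then @domain."""
    user, _, dom = sender.lower().rpartition("@")
    keys = [f"{user}@{dom}"] + ([user] if dom in local_domains else []) + [f"@{dom}"]
    return next((table[k] for k in keys if k in table), [])

def rejects_authenticated(table, sender, login, local_domains=()):
    """True when a logged-in client does not own the MAIL FROM address."""
    return login not in owners(table, sender, local_domains)

if __name__ == "__main__":
    good = parse_map(build_map(PASSWD, DOMAIN))
    # Constructed malformed line: addresses only, no owner column.
    bad = parse_map("alice@sub.example.com, bob@sub.example.com\n")
    for name, table in (("good", good), ("bad", bad)):
        for sender in ("alice@sub.example.com", "bob@sub.example.com", "alice@example.net"):
            verdict = "reject" if rejects_authenticated(table, sender, "alice") else "accept"
            print(name, sender, verdict)
```

An address outside the local domain is accepted for a login only when the map has a line whose key is that address and whose value includes that login.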