Sorry, sent to the sender instead of the list. Resending.

Dnia 13.03.2022 o godz. 22:48:37 Matt Kinni pisze:
> 
> My goal is to carve out an exception for this process that doesn't
> compromise the overall security of my server, or allow any local
> users to spoof the FROM address of any other user without needing to
> login (whilst allowing setroubleshootd to do exactly that).
> 
> The solution I came up with was to define a special smtp service in
> master.cf that bypasses the usual checks:
> 
>     127.0.0.1:2525  inet  n    -    n    -    -    smtpd
>       -o syslog_name=postfix/setroubleshoot
>       -o smtpd_tls_security_level=none
>       -o smtpd_sasl_auth_enable=no
>       -o smtpd_client_restrictions=permit_mynetworks,reject
>       -o smtpd_helo_restrictions=
>       -o smtpd_sender_restrictions=
>       -o content_filter=amavisfeed:[127.0.0.1]:10026
> 
> This works of course, but how to stop users that aren't
> setroubleshoot from using this same service and bypassing all of the
> security?  I'm just wondering if there is a better way to accomplish
> this.

Looks like a job for identd. You have to set up identd on your server and
make the Postfix service on port 2525 ask identd about the userid of the
connecting process. If it's not setroubleshoot, you should reject the
connection.

I don't know if there's any built-in option in Postfix to use identd; you'd
probably have to write a policy service for that.

Another option may be - if this is possible - to configure setroubleshootd
to use a very specific HELO string when connecting and check for that
particular HELO in smtpd_helo_restrictions for the service on port 25. In that
case the HELO string acts as some kind of password.

You may also (again if this is possible in setroubleshootd) insert a very
specific header into the message and use a milter to reject the message if the
header is not present.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
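The identd-backed policy service sketched in the reply above, written out as an added example (not code from the original thread or from the Postfix project). It assumes identd listens on 127.0.0.1:113, that setroubleshootd runs as a Unix account named `setroubleshoot`, that the policy daemon itself is reached on the assumed port 10050, and that Postfix is recent enough to send the `client_port`, `server_address` and `server_port` policy attributes. Only requests arriving on the special port 2525 service are policed; every other request gets `DUNNO` so the normal restrictions on port 25 are untouched.

```python
"""Hypothetical Postfix SMTPD policy service: ask the local identd (RFC 1413)
which Unix user owns the connecting socket and permit only one expected user.
Added example; not code from the original mailing-list thread."""
import socket
import socketserver
from typing import Callable, Optional

ALLOWED_USER = "setroubleshoot"      # assumed account setroubleshootd runs as
IDENTD_ADDR = ("127.0.0.1", 113)     # assumed identd on the loopback interface
PROTECTED_SERVER_PORT = "2525"       # the special smtpd service from master.cf
LOOPBACK = ("127.0.0.1", "::1")


def parse_policy_request(raw: str) -> dict:
    """Parse a Postfix policy request: 'name=value' lines ended by a blank line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def parse_ident_reply(reply: str) -> Optional[str]:
    """Return the user id from an RFC 1413 reply, or None for ERROR/garbage."""
    # Reply shape: "<port-on-identd-host> , <port-on-querying-host> : USERID : <opsys> : <user-id>"
    fields = [f.strip() for f in reply.strip().split(":", 3)]
    if len(fields) != 4 or fields[1].upper() != "USERID":
        return None
    return fields[3] or None


def query_identd(client_port: str, server_port: str) -> Optional[str]:
    """Ask identd who owns the client's end of the <client_port> -> <server_port> connection."""
    try:
        with socket.create_connection(IDENTD_ADDR, timeout=2) as s:
            # RFC 1413: first port belongs to the identd host (the connecting client),
            # second port belongs to the host asking (our smtpd on 2525).
            s.sendall(f"{client_port} , {server_port}\r\n".encode("ascii"))
            return parse_ident_reply(s.recv(1024).decode("ascii", errors="replace"))
    except (OSError, ValueError):
        return None


def decide(attrs: dict, ident: Callable[[str, str], Optional[str]] = query_identd) -> str:
    """Return the Postfix policy action for one parsed request."""
    if attrs.get("server_port") != PROTECTED_SERVER_PORT:
        return "DUNNO"  # not the bypass service: leave the decision to other restrictions
    if attrs.get("client_address") not in LOOPBACK or not attrs.get("client_port"):
        return "REJECT ident check requires a local connection"
    user = ident(attrs["client_port"], attrs["server_port"])
    if user == ALLOWED_USER:
        return "OK"
    # Fail closed: identd down, ERROR reply, or any other local user all get rejected.
    return f"REJECT ident user {user!r} may not use the setroubleshoot relay"


class PolicyHandler(socketserver.StreamRequestHandler):
    """Speaks the Postfix policy protocol: one request per blank-line-terminated block."""

    def handle(self):
        raw = ""
        while True:
            line = self.rfile.readline().decode("utf-8", errors="replace")
            if not line:          # Postfix closed the connection
                return
            raw += line
            if line in ("\n", "\r\n"):
                action = decide(parse_policy_request(raw))
                self.wfile.write(f"action={action}\n\n".encode("utf-8"))
                self.wfile.flush()
                raw = ""


if __name__ == "__main__":
    # Assumed listener address; wire it into the 2525 service in master.cf with
    #   -o { smtpd_client_restrictions = check_policy_service inet:127.0.0.1:10050, reject }
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer(("127.0.0.1", 10050), PolicyHandler) as srv:
        srv.serve_forever()
```

Because the policy daemon rejects whenever identd cannot positively name the expected user, an identd outage closes the relay rather than opening it; run the daemon with a restriction list that still ends in `reject` (as in the master.cf snippet quoted above) so a crashed policy service also fails closed via Postfix's default `smtpd_policy_service_default_action`.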