Re: Conditional SASL authentication

2015-02-24 Thread Steffen Kaiser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 24 Feb 2015, Luciano Mannucci wrote: On Tue, 24 Feb 2015 18:56:03 +0100 Reindl Harald wrote: * if you cahnge the pwd SASL auth is taken away True. But this way the user will be unable to read his/her mail, including my message saying "Hey

Re: Conditional SASL authentication

2015-02-24 Thread Reindl Harald
Am 24.02.2015 um 19:48 schrieb Adrian Minta: On 24.02.2015 20:40, Reindl Harald wrote: Am 24.02.2015 um 19:37 schrieb Adrian Minta: On 24.02.2015 20:29, Reindl Harald wrote: don't allow senders which you would not receive mail for - period Seems interesting, at least until the bots adap

Re: Conditional SASL authentication

2015-02-24 Thread Adrian Minta
On 24.02.2015 20:40, Reindl Harald wrote: Am 24.02.2015 um 19:37 schrieb Adrian Minta: On 24.02.2015 20:29, Reindl Harald wrote: don't allow senders which you would not receive mail for - period Seems interesting, at least until the bots adapt to this. Any idea how could this be implemente

Re: Conditional SASL authentication

2015-02-24 Thread Reindl Harald
Am 24.02.2015 um 19:37 schrieb Adrian Minta: On 24.02.2015 20:29, Reindl Harald wrote: don't allow senders which you would not receive mail for - period Seems interesting, at least until the bots adapt to this. Any idea how could this be implemented? with the configuration i have posted i

Re: Conditional SASL authentication

2015-02-24 Thread Adrian Minta
On 24.02.2015 20:29, Reindl Harald wrote: don't allow senders which you would not receive mail for - period Seems interesting, at least until the bots adapt to this. Any idea how could this be implemented ? -- Best regards, Adrian Minta

Re: Conditional SASL authentication

2015-02-24 Thread Reindl Harald
Am 24.02.2015 um 19:20 schrieb Luciano Mannucci: On Tue, 24 Feb 2015 19:00:32 +0100 Reindl Harald wrote: so you allow random envelope senders on your servers? why? I know it is not necessarily a good idea... :) It is basicaly to allow fake home addresses from the office for some managers.

Re: Conditional SASL authentication

2015-02-24 Thread Luciano Mannucci
On Tue, 24 Feb 2015 19:00:32 +0100 Reindl Harald wrote: > so you allow random envelope senders on your servers? > why? I know it is not necessarily a good idea... :) It is basicaly to allow fake home addresses from the office for some managers. Thanks for the smtpd_recipient_restrictions list, i

Re: Conditional SASL authentication

2015-02-24 Thread Luciano Mannucci
On Tue, 24 Feb 2015 19:00:09 +0100 Benny Pedersen wrote: > no, when this happend disable smtp auth, but not login, then send a mail > why smtp auth is disabled This way, I'll block everybody, not only the troyan victims. luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milan

Re: Conditional SASL authentication

2015-02-24 Thread Reindl Harald
Am 24.02.2015 um 19:04 schrieb Luciano Mannucci: On Tue, 24 Feb 2015 18:56:03 +0100 Reindl Harald wrote: * if you cahnge the pwd SASL auth is taken away True. But this way the user will be unable to read his/her mail, including my message saying "Hey, you've got a new virus!" if the accoun

Re: Conditional SASL authentication

2015-02-24 Thread Luciano Mannucci
On Tue, 24 Feb 2015 18:56:03 +0100 Reindl Harald wrote: > * if you cahnge the pwd SASL auth is taken away True. But this way the user will be unable to read his/her mail, including my message saying "Hey, you've got a new virus!". Thanks anyway, luciano. -- /"\ /Via A.

Re: Conditional SASL authentication

2015-02-24 Thread Adrian Minta
Hello, take a look at postfwd, especially "rate limit examples": http://postfwd.org/ -- Best regards, Adrian Minta

Re: Conditional SASL authentication

2015-02-24 Thread Reindl Harald
Am 24.02.2015 um 18:28 schrieb Luciano Mannucci: for the virus doesn't necessarily use the e-mail of the user as its from, just the user and password for the authentication phase so you allow random envelope senders on your servers? why? smtpd_recipient_restrictions = permit_mynetworks rejec

Re: Conditional SASL authentication

2015-02-24 Thread Benny Pedersen
On February 24, 2015 6:30:53 PM Luciano Mannucci wrote: Is it feasible? no, when this happend disable smtp auth, but not login, then send a mail why smtp auth is disabled

Re: Conditional SASL authentication

2015-02-24 Thread George Sexton
The things that occur to me are 1) Ensure that the sender domain is authorized by doing a rule in main.cf for send_restrictions. Then at least they won't be sending things with faked from=. 2) Do some work with rate limiting. http://steam.io/2013/04/01/postfix-rate-limiting/ 3) Look at some

Re: Conditional SASL authentication

2015-02-24 Thread Reindl Harald
Am 24.02.2015 um 18:28 schrieb Luciano Mannucci: I have a few users that are often hit by a trojan virus that steals e-mail user and password. Having a very little (if not null) power on their machines, I need to be able to block the outgoing mail wich is handled by postfix via dovecot SASL. Blo

Conditional SASL authentication

2015-02-24 Thread Luciano Mannucci
Hello, I have a few users that are often hit by a trojan virus that steals e-mail user and password. Having a very little (if not null) power on their machines, I need to be able to block the outgoing mail wich is handled by postfix via dovecot SASL. Blocking it at dovecot level would be optimal,