I have a postfix-3.1.4 system with a few hundred people using the
submission service. One of the accounts was recently compromised, and
started sending mail as fake users in the same domain. How can I
prevent this?

In other words, if the sasl_username is alice, I'd like to restrict
the envelope sender and From address to only legitimate accounts
belonging to that sasl user.

Feb 18 03:50:12 email1 postfix/submission/smtpd[16511]: 2B76FA3D19CBD:
client=unknown[], sasl_method=PLAIN, sasl_username=ali
Feb 18 03:50:12 email1 postfix/qmgr[5576]: 2B76FA3D19CBD:
from=<geo...@example.com>, size=836, nrcpt=2 (queue active)
Feb 18 03:50:12 email1 postfix/cleanup[13987]: 2B76FA3D19CBD:
Feb 18 03:50:13 email1 postfix/smtp[16254]: 2B76FA3D19CBD:
relay=aspmx.l.google.com[]:25, delay=1.2,
delays=0.47/0/0.24/0.49, dsn=2.0.0, status=sent (250 2.0.0 OK
1518943813 o21si7120882qtc.256 - gsmtp)

I have the following configuration relating to submission:

submission_overrides = no_unknown_recipient_checks, no_header_body_checks

submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o receive_override_options=$submission_overrides
  -o syslog_name=postfix/submission

Are there other changes I should make to limit or prevent this type of
account abuse?

Reply via email to