On Mon, Feb 19, 2018 at 12:08 PM, Alex <mysqlstud...@gmail.com> wrote:
> On Mon, Feb 19, 2018 at 11:42 AM, Wietse Venema <wie...@porcupine.org> wrote:
>>> I have a postfix-3.1.4 system with a few hundred people using the
>>> submission service. One of the accounts was recently compromised, and
>>> started sending mail as fake users in the same domain. How can I
>>> prevent this?
>> And use one of:
> Is an unauthenticated client one that simply has not logged in successfully?
> Would I be safest by just starting with reject_sender_login_mismatch?
> Guidance on which restriction should be used would be appreciated.
> I was thinking I would just modify the script that is used to add new
> users to also now add to this smtpd_sender_login_maps then rebuild the
> hash. Does that sound correct?
> smtpd_sender_restrictions = reject_sender_login_mismatch
> smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps
> us...@sub.example.com, us...@sub.example.com, us...@sub.example.com
I've done a test using the settings provided above and realized some
authenticated users are using their Gmail account to send mail through
Feb 19 12:45:34 email1 postfix/submission/smtpd: NOQUEUE:
reject: RCPT from unknown[22.214.171.124]: 553 5.7.1
<gmbwi...@gmail.com>: Sender address rejected: not owned by user
user1; from=<gmbwi...@gmail.com> to=<spen...@icloud.com> proto=ESMTP
I also tried a test with a list of every account from /etc/passwd with
the domain added as a comma-separated list in a hash of
Feb 19 12:35:59 email1 postfix/submission/smtpd: NOQUEUE:
reject: RCPT from
5.7.1 <us...@sub.example.com>: Sender address rejected: not owned by
user user1; from=<us...@sub.example.com> to=<sara...@gmail.com>
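
A way to triage rejects like the ones quoted above, as an added example that is not part of the original post: it reads "not owned by user" log lines and checks each one against a sender_login_maps source file, whose left side is the sender address and whose right side is the SASL login name(s) that own it. The function names, the map contents and the log lines are constructed for illustration, and the lookup is simplified to the full address followed by an `@domain` key.

```python
import re

# Constructed sender_login_maps source: sender address, then owning SASL login(s).
SAMPLE_MAP = """\
alice@sub.example.com   alice
sales@sub.example.com   alice, bob
carol@sub.example.com   carol@sub.example.com
"""

# Constructed rejects in the shape of the 553 5.7.1 lines quoted in the thread.
SAMPLE_LOG = """\
Feb 19 12:45:34 email1 postfix/submission/smtpd[100]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 553 5.7.1 <alice@mail.example>: Sender address rejected: not owned by user alice; from=<alice@mail.example> to=<x@example.net> proto=ESMTP
Feb 19 12:46:01 email1 postfix/submission/smtpd[101]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 553 5.7.1 <carol@sub.example.com>: Sender address rejected: not owned by user carol; from=<carol@sub.example.com> to=<y@example.net> proto=ESMTP
Feb 19 12:47:12 email1 postfix/submission/smtpd[102]: NOQUEUE: reject: RCPT from unknown[192.0.2.12]: 553 5.7.1 <sales@sub.example.com>: Sender address rejected: not owned by user dave; from=<sales@sub.example.com> to=<z@example.net> proto=ESMTP
"""

REJECT = re.compile(r"Sender address rejected: not owned by user (\S+); from=<([^>]*)>")

def parse_map(text):
    """Return {sender address: set of owner logins}, all lowercased."""
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split(None, 1)
        owners = parts[1] if len(parts) > 1 else ""
        table[parts[0].lower()] = {o.lower() for o in re.split(r"[,\s]+", owners) if o}
    return table

def diagnose(login, sender, table):
    """Classify one reject (simplified lookup: full address, then @domain)."""
    sender = sender.lower()
    owners = table.get(sender) or table.get("@" + sender.rpartition("@")[2])
    if owners is None:
        return "unlisted"          # no owner recorded for this sender address
    if login.lower() in owners:
        return "ok"                # the table as given would accept this pair
    if sender in owners:
        return "address-as-owner"  # value repeats the address, not the login
    return "wrong-owner"           # entry exists but names other logins

def audit(log_text, map_text):
    """Return (login, sender, verdict) for every reject found in the log."""
    table = parse_map(map_text)
    return [(m.group(1), m.group(2), diagnose(m.group(1), m.group(2), table))
            for m in map(REJECT.search, log_text.splitlines()) if m]

if __name__ == "__main__":
    for login, sender, verdict in audit(SAMPLE_LOG, SAMPLE_MAP):
        print(f"{login:8} {sender:28} {verdict}")
```

An "unlisted" verdict corresponds to an authenticated user sending from an outside address; "address-as-owner" flags an entry whose value is the mailbox address while the login in the log is the bare account name.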