On Mon, Feb 19, 2018 at 12:08 PM, Alex <mysqlstud...@gmail.com> wrote:
> Hi,
> On Mon, Feb 19, 2018 at 11:42 AM, Wietse Venema <wie...@porcupine.org> wrote:
>> Alex:
>>> Hi,
>>> I have a postfix-3.1.4 system with a few hundred people using the
>>> submission service. One of the accounts was recently compromised, and
>>> started sending mail as fake users in the same domain. How can I
>>> prevent this?
>> See:
>> http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
>> And use one of:
>> http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
>> http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch
>> http://www.postfix.org/postconf.5.html#reject_unauthenticated_sender_login_mismatch
>> http://www.postfix.org/postconf.5.html#reject_known_sender_login_mismatch
> Is an unauthenticated client one that simply has not logged in successfully?
> Would I be safest by just starting with reject_sender_login_mismatch?
> Guidance on which restriction should be used would be appreciated.
> I was thinking I would just modify the script that is used to add new
> users to also now add to this smtpd_sender_login_maps then rebuild the
> hash. Does that sound correct?
> smtpd_sender_restrictions = reject_sender_login_mismatch
> smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps
> /etc/postfix/sender_login_maps
> us...@sub.example.com, us...@sub.example.com, us...@sub.example.com

I've done a test using the settings provided above and realized some
authenticated users are using their Gmail account to send mail through
this system.

Feb 19 12:45:34 email1 postfix/submission/smtpd[2257]: NOQUEUE:
reject: RCPT from unknown[]: 553 5.7.1
<gmbwi...@gmail.com>: Sender address rejected: not owned by user
user1; from=<gmbwi...@gmail.com> to=<spen...@icloud.com> proto=ESMTP

I also tried a test with a list of every account from /etc/passwd with
the domain added as a comma-separated list in a hash of

Feb 19 12:35:59 email1 postfix/submission/smtpd[29141]: NOQUEUE:
reject: RCPT from
107-131-33-27.lightspeed.sntcca.sbcglobal.net[]: 553
5.7.1 <us...@sub.example.com>: Sender address rejected: not owned by
user user1; from=<us...@sub.example.com> to=<sara...@gmail.com>
proto=ESMTP helo=<server>
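
An added example, not part of the original message or of Postfix itself: it generates sender_login_maps entries from passwd-style accounts and replays logged rejections against the candidate map before it goes live. Assumptions: the SASL login is the bare account name, as reported in "not owned by user user1"; uid 1000 and above are mail users; the helper names, sample accounts and log records are constructed; matching is simplified to exact addresses.

```python
import re

DOMAIN = "sub.example.com"  # assumption: domain appended to every login
# Constructed passwd-style input, not taken from the thread.
PASSWD = """root:x:0:0:root:/root:/bin/bash
user1:x:1001:1001::/home/user1:/bin/bash
user2:x:1002:1002::/home/user2:/bin/bash
"""
# Constructed one-line log records in the format of the rejections above.
LOG = """NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 553 5.7.1 <user1@sub.example.com>: Sender address rejected: not owned by user user1; from=<user1@sub.example.com> to=<a@rcpt.example> proto=ESMTP
NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 553 5.7.1 <me@outside.example>: Sender address rejected: not owned by user user1; from=<me@outside.example> to=<a@rcpt.example> proto=ESMTP
"""
REJECT_RE = re.compile(r"not owned by user (\S+); from=<([^>]*)>")

def build_map(passwd_text, domain, min_uid=1000):
    """{sender address: [SASL logins]} for accounts with uid >= min_uid."""
    owners = {}
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 3 and f[2].isdigit() and int(f[2]) >= min_uid:
            owners[f"{f[0]}@{domain}".lower()] = [f[0]]
    return owners

def render(owners):
    """Map source text: lookup key, whitespace, then the owner list."""
    return "".join(f"{a}\t{', '.join(o)}\n" for a, o in sorted(owners.items()))

def decide(owners, sender, login, known_only=False):
    """Simplified check (exact address match only). known_only=True models
    reject_known_sender_login_mismatch; login=None is an unauthenticated client."""
    allowed = owners.get(sender.lower())
    if allowed is None:  # sender has no entry in the map
        return "OK" if known_only or login is None else "REJECT"
    return "OK" if login in allowed else "REJECT"

def replay(log_text, owners, known_only=False):
    """Re-evaluate every logged rejection against a candidate map."""
    return [(m.group(2), m.group(1), decide(owners, m.group(2), m.group(1), known_only))
            for m in REJECT_RE.finditer(log_text)]

if __name__ == "__main__":
    owners = build_map(PASSWD, DOMAIN)
    print(render(owners), end="")
    for row in replay(LOG, owners):
        print(row)
```

The rendered text is what would go into /etc/postfix/sender_login_maps before running postmap on it; senders that still show REJECT in the replay are the ones the chosen restriction will keep refusing.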
