
I am running a Mail Server on CentOS 7. All programs and system are up to date. My Mail Transfer Agent is Postfix, and it uses Dovecot SASL to authenticate the users.

In Postfix's configuration, my trusted network is only localhost. So, every host must authenticate via Dovecot SASL to send messages.

THE PROBLEM

If a malicious user gets access to an account, for instance, he can send messages as if he were Ana, Bob and so on. How can I prevent it?

THE GOAL

In other words, I want the message to be sent if and only if the authenticated user is the same as the one in the sender header. Is there any tool for this?

cl4rk
  • 33

1 Answer


You probably want to use the reject_sender_login_mismatch parameter in your smtpd_sender_restrictions configuration, so you would have something like this:

smtpd_sender_restrictions =
    permit_mynetworks,
    reject_sender_login_mismatch,
    permit_sasl_authenticated,
    ...

This will allow mynetworks to send e-mails, but before permitting SASL-authenticated clients, it will check whether the sender login is mismatched.

As per the Postfix documentation:

reject_sender_login_mismatch: Reject the request when $smtpd_sender_login_maps specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name doesn't own the MAIL FROM address according to $smtpd_sender_login_maps.

That implies creating a new map of the users that can use each e-mail address, including themselves. So, if you have an address called foo@bar.com you'd need to add the map entry:

foo@bar.com      foo@bar.com

in order to allow foo@bar.com to send e-mails from that account once authenticated.

This allows you to create identities as well, so an account can have more than one allowed sender:

foo@bar.com      alice@bar.com

This would allow anyone identified as foo@bar.com to send messages with the alice@bar.com identity as well.

nKn
  • 5,832
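To make the quoted rule concrete, here is an added example (not code from the answer, the asker, or Postfix itself) that simulates how reject_sender_login_mismatch decides, using a constructed smtpd_sender_login_maps table built from a list of logins and the identities each may use. The map file path /etc/postfix/sender_login_maps, the IDENTITIES table, the client IPs and the restriction order are assumptions; the map is keyed by the MAIL FROM address with the owning SASL login(s) as the value, which is the direction the quoted documentation describes, and the simulation only performs exact-key lookups (real Postfix also tries fallback keys such as @domain).

```python
"""Simulate Postfix's reject_sender_login_mismatch over a constructed map.

Added example, not Postfix code. Assumed main.cf (placeholder path):
    smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps
    smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch,
                                permit_sasl_authenticated, reject
The text file is turned into the hash table with `postmap /etc/postfix/sender_login_maps`.
"""
from collections import defaultdict

# Constructed: which SASL login may use which MAIL FROM addresses.
IDENTITIES = {
    "foo@bar.com": ["foo@bar.com", "alice@bar.com"],  # foo also owns the alice identity
    "alice@bar.com": ["alice@bar.com"],
    "bob@bar.com": ["bob@bar.com"],
}

MYNETWORKS = {"127.0.0.1", "::1"}          # assumed: only localhost is trusted
RESTRICTIONS = ("permit_mynetworks", "reject_sender_login_mismatch",
                "permit_sasl_authenticated", "reject")


def build_sender_login_maps(identities):
    """Render the postmap text file: key = MAIL FROM address, value = owning logins.
    Note the inversion: the map is keyed by sender address, not by login."""
    owners = defaultdict(list)
    for login, senders in identities.items():
        for sender in senders:
            owners[sender.lower()].append(login.lower())
    return "".join(f"{sender:<24}{', '.join(logins)}\n"
                   for sender, logins in sorted(owners.items()))


def parse_sender_login_maps(text):
    """Parse the text form back into {sender: {login, ...}} (exact keys only)."""
    owners = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed map line: {line!r}")
        key, value = parts
        owners[key.lower()] = {v.lower() for v in value.replace(",", " ").split()}
    return owners


def sender_login_mismatch(sender, login, owners):
    """True when reject_sender_login_mismatch fires, following the quoted rule:
    - not logged in, but the address has an owner      -> mismatch
    - logged in, but the login does not own the address -> mismatch
      (an address with no owner at all is not owned by anyone)"""
    allowed = owners.get(sender.lower())
    if login is None:
        return allowed is not None
    return allowed is None or login.lower() not in allowed


def evaluate(client_ip, sender, login, owners):
    """Walk smtpd_sender_restrictions in order; the first verdict wins."""
    for restriction in RESTRICTIONS:
        if restriction == "permit_mynetworks" and client_ip in MYNETWORKS:
            return "PERMIT"
        if restriction == "reject_sender_login_mismatch" and \
                sender_login_mismatch(sender, login, owners):
            return "REJECT"
        if restriction == "permit_sasl_authenticated" and login is not None:
            return "PERMIT"
        if restriction == "reject":
            return "REJECT"
    return "DUNNO"


OWNERS = parse_sender_login_maps(build_sender_login_maps(IDENTITIES))

if __name__ == "__main__":
    print(build_sender_login_maps(IDENTITIES))
    # Constructed sessions: (client IP, MAIL FROM, SASL login or None)
    cases = [
        ("203.0.113.5", "foo@bar.com", "foo@bar.com"),     # own address
        ("203.0.113.5", "alice@bar.com", "foo@bar.com"),   # permitted identity
        ("203.0.113.5", "alice@bar.com", "bob@bar.com"),   # compromised bob spoofing alice
        ("203.0.113.5", "foo@bar.com", None),              # unauthenticated, owned address
        ("203.0.113.5", "ghost@bar.com", "foo@bar.com"),   # logged in, unowned address
        ("127.0.0.1", "alice@bar.com", None),              # trusted network bypasses the check
    ]
    for ip, sender, login in cases:
        print(f"{ip:<14} from={sender:<16} login={login!s:<14} -> {evaluate(ip, sender, login, OWNERS)}")
```

The order of the restriction list matters: placing reject_sender_login_mismatch before permit_sasl_authenticated is what stops an authenticated but compromised account from using someone else's address, while permit_mynetworks ahead of both means anything on the trusted network is never checked, so keep that network as small as the asker already has it.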