Restricting postfix so only existing users can be senders.

3 posts / 0 new

Topic locked

#1 Thu, 03/14/2013 - 07:12

roever

Restricting postfix so only existing users can be senders.

Hi.

I have virtualmin GPL and host a couple of sites.

Earlier this week i noticed that one of my sites had been hacked and used to send spam. I have locked down the site, cleaned the bad code and installed security patches to fix future problems for that site.

However this might become a problem in the future.

I noticed in the logs that the spam was sent using spoofed users for that virtual domain "name1@blah.com name2@blah.com" and so on. I have only one valid user on this domain that is able to send email.

Is there a way to restrict postfix so only the actual user can be the sender? (mail from)

#2 Sun, 03/17/2013 - 03:01

lp86

Out of the box, at least on CentOS, Postfix only allows outgoing mail from authenticated remote users, and all from localhost. I don't think there is a way to do specifically what your asking. Except for making sure all users have strong passwords, and no malicious scripts are installed on the server.

#3 Sun, 03/17/2013 - 07:15 (Reply to #2)

roever

What i can see the user is authenticated, but then uses that authentication to send mail from nonexistent users via postfix.

There has to be some setting to restrict this so only the authenticated user can be the sender.

I also saw that spamassasin has an option to scan outgoing mail for spam, this might be one way to at least block some spam mail from leaving the server. Some more info is here: http://docs.cpanel.net/twiki/bin/view/11_30/WHMDocs/ScanOutgoingMail

Does Virtualmin/Webmin have an option to enable this?

Topic locked