Compromised account results in the server being used to send out spam mail
Purpose
A compromised account results in the server being used to send out spam mail. Typically, if you lock a user he should not be able to send email, but the lock does not take effect if the SMTP session already exists. See reported problem:
Resolution
To deal with this, Postfix introduced "check_sasl_access".
Per-account access control
Postfix can implement policies that depend on the SASL login name (Postfix 2.11 and later). Typically this is used to HOLD or REJECT mail from accounts whose credentials have been compromised.
How-to
vi /opt/zimbra/conf/zmconfigd.cf
Locate the line "RESTART mta" and add the following on the line before it:
POSTCONF smtpd_sasl_local_domain LOCAL postfix_smtpd_sasl_local_domain
Set the localconfig (LC) attribute:
zmlocalconfig -e postfix_smtpd_sasl_local_domain='$myhostname'
Steps 1 and 2 (the zmconfigd.cf change and the localconfig attribute above) are required because the access control list must contain the entire email address, as per the Postfix guidelines:
- Use this when smtpd_sasl_local_domain is empty.
username HOLD
- Use this when smtpd_sasl_local_domain=example.com.
username@example.com HOLD
vi conf/zmconfigd/smtpd_sender_restrictions.cf
Add this line at the top:
check_sasl_access lmdb:/opt/zimbra/conf/postfix_sasl_access
vi /opt/zimbra/conf/postfix_sasl_access
Add the account to block, for example:
testsan3@zcs860.us.zimbralab.com REJECT
Create the db file for postfix_sasl_access and restart the MTA:
cd /opt/zimbra/conf/
postmap postfix_sasl_access
zmmtactl restart
The restart is needed only for the new configuration to take effect. To add or delete users afterwards, all you need to do is:
cd /opt/zimbra/conf
vi postfix_sasl_access    # make changes
postmap postfix_sasl_access
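The add/delete procedure above as a pair of shell functions, added here as an example and not part of the original page or of Zimbra's tooling. The function names and the SASL_ACCESS and POSTMAP override variables are assumptions; their defaults are the file and command used in the steps above.

```shell
#!/bin/sh
# Added example: maintain the check_sasl_access table described on this page.
# SASL_ACCESS and POSTMAP are assumed override variables (scratch testing).
SASL_ACCESS="${SASL_ACCESS:-/opt/zimbra/conf/postfix_sasl_access}"
POSTMAP="${POSTMAP:-postmap}"

# Accept only a full user@domain login made of ordinary address characters.
valid_login() {
    case "$1" in
        *[!A-Za-z0-9._@+-]*) return 1 ;;  # whitespace or unexpected characters
        *@*@*|@*|*@) return 1 ;;          # not a single local@domain split
        *@*) return 0 ;;
        *) return 1 ;;                    # bare username: table holds full addresses
    esac
}

# Print the table minus any entry for login $1 (comments and other lines kept).
_table_without() {
    [ -f "$SASL_ACCESS" ] || return 0
    awk -v k="$1" '$1 != k' "$SASL_ACCESS"
}

# Write the new contents in place (keeps owner and mode), then rebuild the map.
_install() {
    cat "$1" > "$SASL_ACCESS" && rm -f "$1" && $POSTMAP "$SASL_ACCESS"
}

# block_account <user@domain> [REJECT|HOLD]  -- replaces any existing entry
block_account() {
    login=$1; action=${2:-REJECT}
    valid_login "$login" || { echo "need user@domain: $login" >&2; return 2; }
    case "$action" in
        REJECT|HOLD) ;;
        *) echo "unsupported action: $action" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    { _table_without "$login"; printf '%s %s\n' "$login" "$action"; } > "$tmp"
    _install "$tmp"
}

# unblock_account <user@domain>  -- removes the entry and rebuilds the map
unblock_account() {
    valid_login "$1" || { echo "need user@domain: $1" >&2; return 2; }
    tmp=$(mktemp) || return 1
    _table_without "$1" > "$tmp"
    _install "$tmp"
}
```

Source the file, then run, for example, `block_account testsan3@zcs860.us.zimbralab.com HOLD`; no MTA restart is needed after the initial setup.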
If a user is blocked he should see the attached error.
Additional Content
- For detailed explanations about the Postfix SASL, please go to - http://www.postfix.org/SASL_README.html