Compromised account results in the server being used to send out spam mail

Compromised account results in the server being used to send out spam mail

   KB 21927        Last updated on 07/11/2015  




0.00
(0 votes)

Purpose

Compromised account results in the server being used to send out spam mail. Typically if you lock a user he should not be able to send email but that will not kick in if the smtp sessions already exists. See reported problem:

Resolution

To deal with this, postfix introduced "check_sasl_access".

Per-account access control

Postfix can implement policies that depend on the SASL login name (Postfix 2.11 and later). Typically this is used to HOLD or REJECT mail from accounts whose credentials have been compromised

How-to

vi /opt/zimbra/conf/zmconfigd.cf

Locate line "RESTART mta" The line before that add -

POSTCONF smtpd_sasl_local_domain    LOCAL postfix_smtpd_sasl_local_domain

Set LC attribute

zmlocalconfig -e postfix_smtpd_sasl_local_domain='$myhostname'

Steps 1 and 2 required because we wish to add the entire email address in the access control list, as per guidelines of postfix -

  1. Use this when smtpd_sasl_local_domain is empty.
username   HOLD
  1. Use this when smtpd_sasl_local_domain=example.com.
username@example.com HOLD
vi conf/zmconfigd/smtpd_sender_restrictions.cf

Add line on top -

check_sasl_access lmdb:/opt/zimbra/conf/postfix_sasl_access
vi /opt/zimbra/conf/postfix_sasl_access
testsan3@zcs860.us.zimbralab.com    REJECT

Create db file for postfix_sasl_access

cd /opt/zimbra/conf/
postmap postfix_sasl_access

zmmtactl restart

The restart is for the config to kick in. If you wish to add/delete users then all you will need to do is -

cd /opt/zimbra/conf
vi postfix_sasl_access -- Make changes
postmap postfix_sasl_access

If a user is blocked he should see the attached error.

Kb-block-users-001.png

Additional Content

Verified Against: Zimbra Collaboration 8.6, 8.5, 8.0 Date Created: 05/05/2015
Article ID: https://wiki.zimbra.com/index.php?title=Compromised_account_results_in_the_server_being_used_to_send_out_spam_mail Date Modified: 07/11/2015



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Wiki/KB reviewed by SME1 SME2 Copyeditor Last edit by Jorge de la Cruz
Jump to: navigation, search