Postfix forged outgoing email

Discussion in 'Installation/Configuration' started by RootEtsy, Aug 29, 2016.

  1. RootEtsy

    RootEtsy New Member

    Hi all,
    I'm struggling with some issues with postfix and I'm hoping you guys can help.
    I've used the perfect server install for ispconfig 3 ( not the 3.1 RC ). Debian 8 server.

    What I found with this setup is that when I send an email with a valid login I can specify ANY email address I want and it's delivered. For instance, I setup a valid email account for the server in Thunderbird. I used the correct SMTP login details but instead of using a real email address for the account I used [email protected]. I can send out email like this and it's delivered no problem.

    My concern here is that if an email password is compromised it could be used to send out spam pretty easily.

    I've search around quite a bit and I can't find out how to limit the sender to the email it is verified for. How can this be done?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Sender limitng is implemented in ISPConfig 3.1.
     
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You could do something similar in 3.0, I believe you just set
    Code:
    smtpd_reject_unlisted_sender = yes
    then point
    Code:
    smtpd_sender_login_maps = 
    to an appropriate lookup query (check `mysql-virtual_sender_login_maps.cf` from 3.1, which will need tweaked a bit), then alter
    Code:
    smtpd_sender_restrictions =
    to include `reject_authenticated_sender_login_mismatch`. 3.1 will be a nicer implementation though, with a checkbox to enable/disable sending as an alias and forward as well.
     
  4. RootEtsy

    RootEtsy New Member

    Thanks guys!

    For 3.1, do we have an estimate for when the final will be ready? Not trying to rush or anything. Would rather have it stable than rushed. :)

    Jesse, that's similar to what I was trying but looks like I was missing the second part of what you have. I'll give that a try when I get a chance.
     

Share This Page