Just learnt about this today. I am late in the game because the config was there long time ago. Allow only root to send email by command line. This hopefully will force all webhosting scripts to use smtp to send out emails. That way outgoing emails can be ratelimited using rspamd. Got it from the postfix mailling list. ---------------- start ---------------------------- The default setting allows everyone: authorized_submit_users = static:anyone To disable all users except root: authorized_submit_users = root, !static:anyone See https://www.postfix.org/postconf.5.html#authorized_submit_users for more. This is available in Postfix 2.2 and later. Wietse --------------- end ------------------------------- This is just a sharing.
What is an use-case for ispconfig? Generally one would want their mailboxes and websites (forms for example) to be able to send mail through postfix on their ispconfig server. If somebody else is able to send mail through your server you screwed up standard config or got hacked. Standard config doesn't allow just anyone to send mail. You can call what you posted an extra security layer. Or it can function as a workaround instead of fixing the real issue if you suffer from unauthorized mail sending. And as it's not default ispconfig config it should be retained when ispconfig is upgraded. Though I don't see much use for it, especially in an ispconfig server.
For me, the issue is customers use terrible simple password for their emails. So spammers use their email account to send out large amount of spam. So rspamd's ratelimit helps to limit the amount of spam per hour or minute. In the future, I have to figure out some script that will inform me when an email account has hit the limit. Next issue is, website forms like in wordpress forms or phpmailer scripts. When they use sendmail, it bypasses rspamd's ratelimits. (or I do not know how to setup rspamd's ratelimit that will limit outgoing emails that do not use submission.) These scripts can send out large amounts of spam email or marketing emails. Which is a big problem for me. Like getting the ip address black listed. So website's must use smtp submission to send out emails. Or when the website is hacked and use sendmail to send out spam. I do not know how to limit or control that. So I am hoping the postfix config above will prevent such sending out of emails that is not using smtp submission. Yes you are correct, it is not a standard ispconfig config. As you can see, I am not an expert. Please help to advice on how to prevent or control sending out emails using scripts from websites. Really do not want to get my ip address blacklisted or smtp blocked by the datacenter because of complaints from customers who get spammed. From what I am guessing, these are the ways spammers can send out. - get the username and password for smtp submission. - through website scripts. - webmail like roundcube. I have already sent roundcube to use smtp. Did I miss any other way? Besides the worst case of hackers getting into the server itself. I am happy that I shared this and you are replying because I will be learning other ways. Others too might learn.
You give several examples about abuse of legitimate ways to send mail. All very real unfortunately. But how would the postfix setting you started this thread with help you against the abuse without interfering with your customer's normal use? Adding your customers (mailbox and website users) to the config won't help against the abuse. Not adding your customers stops them from being able to send mail. Or am I missing something?
Just a few thoughts: - Disable the php mail() function entirely and enforce your customers to use smtp with authentication - Ratelimit the local submission in Postfix - Move the webhosting to a dedicated webserver with dedicated IPs and tell customers that mail() is possible but not recommended/supported - Ratelimit based on uid with a dedicated policy service
Unfortunately customers must and only use SMTP submission to send out emails. And this will be ratelimited by rspamd. I am hoping the postfix config set to allow "root" and "vmail" only will prevent other users like website users from sending out email. Website users can use smtp submission to send out email and that will be ratelimited by rspamd. Normal email through smtp and submission will work fine. So thunderbird and webmail will work fine. Please note I am not an expert. Just trying to find a good solution.
- disabling php mail() is great for php. How about python and bash? - Ratelimit the local submission is what I am trying to learn. How can it be done? - moving websites to a dedicated webserver is not an option for me. I am not a big company. Please share how to ratelimit local submission. Through postfix or rspamd would be great.
I think ratelimit is not really the approach you should take here. Even if you use ratelimiting it does not prevent the user to send out bad mails which may affect your reputation. What you can do in these cases: - Prevent users from accessing the sendmail binary - Use authorized_submit_users = root, postfix (This should work) - Prevent Jailkit-users from accessing the sendmail binary
Know of any scripts that can alert me when a user has reached the ratelimit? Cool. I am hoping authorized_submit_users will also prevent using sendmail binary to send out emails. In other words only root and postfix will be able to use sendmail to send out emails. Is there a configuration for jailkit to prevent access to sendmail binary?
