Re: restricting outbound e-mail to be from the authenticated user only

  • mouss
    Message 1 of 17, Feb 1, 2011
      On 01/02/2011 20:25, mouss wrote:
      > On 31/01/2011 07:46, Daniel Bromberg wrote:
      >> Hm, there must be a disconnect.
      >>
      >> I did read it, it sounded logical, I implemented it, and then my tests
      >> worked.
      >>
      >> I have:
      >>
      >> smtpd_sender_login_maps = mysql:/etc/postfix/mysql_sender_login_maps.cf
      >>
      >> smtpd_recipient_restrictions =
      >> reject_sender_login_mismatch,
      >> permit_mynetworks,
      >> permit_sasl_authenticated,
      >> ...
      >>
      >> When I use the wrong source name invalidorigin, I get this:
      >>
      >> *NOQUEUE: reject: RCPT from xxx <invalidorigin@...>: Sender
      >> address rejected: not owned by user validorigin@...>*
      >>
      >> But otherwise mail from the outside continues to come in to local
      >> (virtual) users fine, and using an authorized source name works.
      >>
      >> If I understand correctly, what it does during an unauthenticated
      >> session is that if there is a recognized virtual user in the MAIL FROM:
      >> field, it requires that the user be (SASL) logged in. If the MAIL FROM:
      >> is /not /a recognized virtual user, the rule does nothing and passes the
      >> filtering to the rest of the rules.
      >
      > yes.
      >
      >> This is naturally also what I want.
      >
      > That was not my understanding. In your OP, you said:
      >>>> can only use the server to submit 'MAIL FROM:' their SASL
      >>>> authenticated username".
      >
      > in the setup you did, users can send as ***@....
      >
      >
      >> All good no?
      >>
      >> Your final warning: "it won't prevent internal users from using an
      >> external sender address" -- define internal user? Those in my virtual
      >> table, or local Unix users? If the latter, I have none. As for "external
      >> sender address", are you referring to the envelope field, the Reply-to:
      >> field, or the From: field? If either of the latter two, yes we agreed
      >> earlier in the thread that that would have to be done with a cleanup
      >> filter.
      >>
      >> Clarify?
      >
      > a virtual user authenticates as joe@... (which is his SASL
      > login) but sends as someone@... (where external.example may be
      > yahoo.com, hotmail.com, ... etc). I am talking about envelope sender here.

      you can fix this in your submission/smtps:


      submission_sender_restrictions =
      check_sender_access hash:/etc/postfix/submit_sender_domains
      reject

      == submit_sender_domains
      example.com OK
      .example.com OK


      This way, users of submission/smtp can only use an envelope sender of
      the form *@... or *@*.example.com, and those you can control
      with reject_sender_login_mismatch.

      alternatively, you can simply return a dummy login for addresses not in
      your domain when using sender_login_maps. but this is ugly (and requires
      constructs like CASE WHEN/IF NULL in your sql query).
    • Daniel Bromberg
      Message 2 of 17, Feb 1, 2011
        >> in the setup you did, users can send as ***@....
        >>
        >>
        >>> All good no?
        >>>
        >>> Your final warning: "it won't prevent internal users from using an
        >>> external sender address" -- define internal user? Those in my virtual
        >>> table, or local Unix users? If the latter, I have none. As for "external
        >>> sender address", are you referring to the envelope field, the Reply-to:
        >>> field, or the From: field? If either of the latter two, yes we agreed
        >>> earlier in the thread that that would have to be done with a cleanup
        >>> filter.
        >>>
        >>> Clarify?
        >> a virtual user authenticates as joe@... (which is his SASL
        >> login) but sends as someone@... (where external.example may be
        >> yahoo.com, hotmail.com, ... etc). I am talking about envelope sender here.

        Still a disconnect compared to what I am seeing. When I re-configure my
        MUA to use 'somebody@...' as the Sender to send to
        anyone@..., and SASL authenticate as authuser@... to
        the submission port, Postfix replies:

        "An error occurred while sending mail. The mail server responded: 5.7.1
        <somebody@...>: Sender address rejected: not owned by user
        authuser@.... Please check the message recipient
        anyone@... and try again."

        This is without the additional check_sender_access you describe as needed.
        As quick re-cap, I have:

        submission_client_restrictions =
        reject_sender_login_mismatch,
        permit_sasl_authenticated,
        reject

        AND:

        smtp.example.com:smtps inet n - n - - smtpd
        -o smtpd_tls_wrappermode=yes
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=$submission_client_restrictions
        -o syslog_name=postfix-submission

        Is there some other part of the config I haven't discussed and need to, that is making this work already for me?

        -Daniel
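As an added illustration (not Postfix code, and not from either poster), here is a small Python model of the two restriction lists in this thread, with reject_sender_login_mismatch following its postconf(5) description: an authenticated client is rejected whenever its login is not listed as an owner of the MAIL FROM address, which includes an address with no map entry at all. The login map, the domain table and all addresses are constructed.

```python
# Added model of the Postfix restriction lists in this thread (not Postfix code);
# semantics follow postconf(5)/access(5). All map entries and addresses are constructed.

# Stand-in for mysql:/etc/postfix/mysql_sender_login_maps.cf: address -> allowed logins.
SENDER_LOGIN_MAPS = {
    "authuser@example.com": {"authuser@example.com"},
    "sales@example.com": {"authuser@example.com", "other@example.com"},
    "other@example.com": {"other@example.com"},
}
# Stand-in for hash:/etc/postfix/submit_sender_domains from mouss's reply.
SUBMIT_SENDER_DOMAINS = {"example.com": "OK", ".example.com": "OK"}

DANIEL = ["reject_sender_login_mismatch", "permit_sasl_authenticated", "reject"]
MOUSS = ["check_sender_access", "reject"]


def check_sender_access(sender, table):
    # access(5) lookup order: full address, bare domain, then parent domains with
    # a leading dot (those match subdomains only when smtpd_access_maps is absent
    # from parent_domain_matches_subdomains; listing both forms covers both cases).
    domain = sender.rpartition("@")[2]
    labels = domain.split(".")
    keys = [sender, domain] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return next((table[k] for k in keys if k in table), None)


def reject_sender_login_mismatch(sender, login):
    # Unauthenticated: reject only if the address has an owner. Authenticated:
    # reject unless the login is one of the owners (no owner at all also rejects).
    owners = SENDER_LOGIN_MAPS.get(sender, set())
    if login is None:
        return "REJECT" if owners else "DUNNO"
    return "DUNNO" if login in owners else "REJECT"


def evaluate(restrictions, sender, login=None):
    # Walk the list in order; the first result other than DUNNO decides.
    for name in restrictions:
        if name == "reject_sender_login_mismatch":
            result = reject_sender_login_mismatch(sender, login)
        elif name == "permit_sasl_authenticated":
            result = "OK" if login else "DUNNO"
        elif name == "check_sender_access":
            result = check_sender_access(sender, SUBMIT_SENDER_DOMAINS) or "DUNNO"
        else:
            result = name.upper()  # bare "reject" or "permit"
        if result != "DUNNO":
            return result
    return "DUNNO"
```

Under this model, `evaluate(DANIEL, "somebody@yahoo.com", "authuser@example.com")` returns REJECT from the mismatch rule alone, matching the 5.7.1 response quoted above, while the check_sender_access table adds an explicit domain allow-list in front of it.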