Loading ...
Sorry, an error occurred while loading the content.

reject sasl_authenticated

Expand Messages
  • Tom Kinghorn
    Good morning list. Is it possible to reject sasl_authentication from certain users? we have a situation where certain accounts have been compromised.
    Message 1 of 4 , Nov 22, 2012
    • 0 Attachment
      Good morning list.

      Is it possible to reject sasl_authentication from certain users?

      we have a situation where certain accounts have been compromised.

      Unfortunately, the team which enables / disables accounts on the master
      DB is a) if a different geographical location and b) take up to 24
      hours to do so (management is looking into the process)

      Is it possible, in the interim, toREJECT the logins from these users
      until the clientservices department does so on the DB?


      thanks
      Tom
    • Robert Schetterer
      ... as workaround you may use access table for the compromised mail address with some error 4NN text which means try again later with additional info Best
      Message 2 of 4 , Nov 22, 2012
      • 0 Attachment
        Am 22.11.2012 10:21, schrieb Tom Kinghorn:
        > Good morning list.
        >
        > Is it possible to reject sasl_authentication from certain users?
        >
        > we have a situation where certain accounts have been compromised.
        >
        > Unfortunately, the team which enables / disables accounts on the master
        > DB is a) if a different geographical location and b) take up to 24
        > hours to do so (management is looking into the process)
        >
        > Is it possible, in the interim, toREJECT the logins from these users
        > until the clientservices department does so on the DB?
        >
        >
        > thanks
        > Tom

        as workaround you may use access table for the compromised mail address
        with some error

        4NN text

        which means try again later with additional info


        Best Regards
        MfG Robert Schetterer

        --
        [*] sys4 AG

        http://sys4.de, +49 (89) 30 90 46 64
        Franziskanerstraße 15, 81669 München

        Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
        Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
        Aufsichtsratsvorsitzender: Joerg Heidrich
      • Tom Kinghorn
        ... Hi Robert Many thanks for the prompt response. I thought of that but it would appear to be malware as the sender address keeps changing. The only constant
        Message 3 of 4 , Nov 22, 2012
        • 0 Attachment
          On 22/11/2012 11:43, Robert Schetterer wrote:
          > Am 22.11.2012 10:21, schrieb Tom Kinghorn:
          > as workaround you may use access table for the compromised mail address
          > with some error
          >
          > 4NN text
          >
          > which means try again later with additional info
          >
          >
          > Best Regards
          > MfG Robert Schetterer
          >
          Hi Robert

          Many thanks for the prompt response.

          I thought of that but it would appear to be malware as the sender
          address keeps changing.

          The only constant is the sasl_username.

          thanks
          Tom
        • Noel Jones
          ... you can use an external policy service that rejects the mail when sasl_username is the compromised user. http://www.postfix.org/SMTPD_POLICY_README.html
          Message 4 of 4 , Nov 22, 2012
          • 0 Attachment
            On 11/22/2012 3:21 AM, Tom Kinghorn wrote:
            > Good morning list.
            >
            > Is it possible to reject sasl_authentication from certain users?

            you can use an external policy service that rejects the mail when
            sasl_username is the compromised user.
            http://www.postfix.org/SMTPD_POLICY_README.html

            The postfwd policy server can do this pretty easily, but it's not
            the only choice.
            http://postfwd.org/
            http://www.postfix.org/addon.html#policy




            -- Noel Jones
          Your message has been successfully submitted and would be delivered to recipients shortly.