Re: Solution to SMTPAuth compromised accounts.
- On 09/13/2013 08:47 AM, lst_hoe02@... wrote:
> A workaround might be to force a mismatch with smtpd_sender_login_maps
> by removing the MAIL FROM --> Login-ID match in the table, no? But
> this only applies if reject_sender_login_mismatch could/should be used
> of course.
On top of that, please consider using postfwd for rate limit.
José Borges Ferreira
- Viktor Dukhovni:
> > Can we add something similar to the "smtpd_client_restrictions" or
> > "smtpd_recipient_restrictions", and adding a new rule-entry which
> > would simply confirm that the "SMTPAuth LDAP 'user' used way back,
> > is still accountStatus=enabled" ?
Built-in message rate limit:
smtpd_client_message_rate_limit = 10
External rate limit: use postfwd and the like.
- On Fri, Sep 13, 2013 at 04:29:28AM +0000, Viktor Dukhovni wrote:
> Sadly Postfix does not have an access table keyed by the SASL
> login name. Perhaps we should bite the bullet, and add one,
+1, a check_sasl_auth_access feature would be useful, despite the
fact that other approaches can accomplish the same thing, as noted
upthread by numerous posters.
> after defining a suitable encoding for any usernames that
> contain special or whitespace characters.
Fortunately SASL usernames are typically something under site
administrators' control, so a partial solution might be to warn
against using special or whitespace characters in usernames. :)
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
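
One of the "other approaches" to a check keyed by the SASL login name, sketched as an added example that is not code from this thread or from Postfix: a policy-delegation service that reads the `sasl_username` attribute Postfix sends and rejects mail from accounts that are no longer enabled. The function names and the `ACCOUNT_STATUS` table (a constructed stand-in for the LDAP accountStatus lookup) are assumptions.

```python
"""Postfix policy-delegation check keyed by sasl_username (added example)."""
import sys

# Constructed stand-in for an LDAP accountStatus lookup; a real deployment
# would query the directory (and cache the result) instead.
ACCOUNT_STATUS = {
    "alice@example.com": "enabled",
    "bob@example.com": "disabled",
    "odd user@example.com": "disabled",   # whitespace in the login name
}

def parse_request(lines):
    """Turn one policy request (name=value lines) into a dict."""
    attrs = {}
    for line in lines:
        name, sep, value = line.rstrip("\n").partition("=")
        if sep:                      # split on the first '=' only
            attrs[name] = value
    return attrs

def decide(attrs, status=ACCOUNT_STATUS):
    """Return the Postfix access action for one request."""
    user = attrs.get("sasl_username", "")
    if not user:
        return "DUNNO"               # unauthenticated: leave to other rules
    if status.get(user.lower()) != "enabled":
        # Unknown accounts are treated like disabled ones (fail closed).
        return "REJECT account disabled"
    return "DUNNO"

def serve(stream_in=sys.stdin, stream_out=sys.stdout):
    """Answer requests until EOF; each request ends with an empty line."""
    request = []
    for line in stream_in:
        if line.strip() == "":
            if request:
                stream_out.write("action=%s\n\n" % decide(parse_request(request)))
                stream_out.flush()
                request = []
        else:
            request.append(line)

if __name__ == "__main__":
    serve()
```

Such a service is typically run through spawn(8) and referenced with `check_policy_service` in `smtpd_recipient_restrictions`. Because the login name arrives as the value after the first `=`, whitespace or special characters in it need no table-key encoding.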