> >> If you're worried about either of those scenarios, set up a separate
> >> account for your email alerts.
> >
> > I like the separate account idea.  Any tips on locking it down?  Maybe
> > that account on the mail server should somehow only be allowed to
> > deliver to a single email address (mine)?  Would it need a shell
> > account?  Certainly not allowed in sshd_config.
> >
>
> It depends on how you're authenticating. We've got our users in
> Postgres, and postfix uses Dovecot's SASL backend to auth. That way a
> "user" is just an email address/password combination and can't do
> anything except send/receive mail.
>
> The general defense against hacked user accounts is to do rate-limiting
> on the MTA with something like postfwd, and at least notify postmaster
> if someone begins sending hundreds of messages. That way if a user gets
> hacked, you find out about it and can disable them.
>
> In this case I wouldn't even worry about it. If someone can log on to
> your server and read the msmtp config, you've already got a big problem.
> The real benefit to using a separate account is that if that does
> happen, they can't see Grant's personal email password (which is
> essentially the keys to the kingdom).

I was planning on having the alerts sent from each system via my privileged
account on the mail server which means storing that password in the msmtp
config file on each system.  If I instead set up a separate account for
alerts and lock that account down so it can only send email to my own
address, I can flaunt that password around all I want because it can only
be used to send email to me, correct?

By the way, is it considered safe to use my own privileged account on the
mail server to send mail from a good local mail client if I use SSL/TLS in
transmission?

> Another thing you might consider is getting added to the feedback loops
> of some major providers. When one of our users gets hacked, I find out
> quickly because AOL sends me a copy of every message that they get from
> us which is marked as junk. This is a Good Idea anyway, and mitigates
> the stolen-password problem in that unlikely event.

That sounds like a really good idea.  Is there an industry-standard term I
could use in a search to figure out how to get the providers (Google,
Yahoo, AOL?) to set me up this way?

- Grant
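
One way to enforce the "alerts account can only mail me" idea discussed above is a small Postfix policy-delegation service, the same mechanism postfwd uses. The sketch below is an added example, not code from anyone in this thread: the account name, the owner address and the assumption that the SASL backend reports the login as a full email address are all constructed for illustration.

```python
# Added example: decision logic for a Postfix policy-delegation service.
# ALERT_USER and ALLOWED_RCPT are constructed placeholder values.
ALERT_USER = "alerts@example.org"
ALLOWED_RCPT = "grant@example.org"


def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # empty line terminates the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs):
    """Return the Postfix action for one RCPT TO command."""
    user = attrs.get("sasl_username", "").lower()
    if user != ALERT_USER:
        return "DUNNO"  # not the alerts account: leave it to other rules
    rcpt = attrs.get("recipient", "").lower()
    if rcpt == ALLOWED_RCPT:
        return "DUNNO"  # allowed recipient: later restrictions still apply
    return "REJECT alerts account may only send to its owner"


def respond(request_text):
    """Build the reply Postfix expects: action=<...> plus an empty line."""
    return "action=%s\n\n" % decide(parse_request(request_text))


# Constructed sample request, as smtpd would send it at the RCPT stage.
SAMPLE = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sasl_username=alerts@example.org\n"
    "sender=alerts@example.org\n"
    "recipient=someone@example.net\n"
    "\n"
)

if __name__ == "__main__":
    print(respond(SAMPLE), end="")
```

The check keys on the authenticated login rather than the envelope sender, so it has to be called through check_policy_service in the recipient restrictions ahead of permit_sasl_authenticated, otherwise the permit is reached first and the REJECT never fires.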
