HI, On Mon, Feb 19, 2018 at 11:42 AM, Wietse Venema <wie...@porcupine.org> wrote: > Alex: >> Hi, >> I have a postfix-3.1.4 system with a few hundred people using the >> submission service. One of the accounts was recently compromised, and >> started sending mail as fake users in the same domain. How can I >> prevent this? > > See: > http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps > > And use one of: > http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch > http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch > http://www.postfix.org/postconf.5.html#reject_unauthenticated_sender_login_mismatch > http://www.postfix.org/postconf.5.html#reject_known_sender_login_mismatch
Is an unauthenticated client one that simply has not logged in successfully? Would I be safest by just starting with reject_sender_login_mismatch? Guidance on which restriction should be used would be appreciated. I was thinking I would just modify the script that is used to add new users to also now add to this smtpd_sender_login_maps then rebuild the hash. Does that sound correct? smtpd_sender_restrictions = reject_sender_login_mismatch smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps /etc/postfix/sender_login_maps us...@sub.example.com, us...@sub.example.com, us...@sub.example.com