Score:1

How do I configure postfix to reject all email that doesn't have a specific 'from' field?


I have an SMTP relay that relays to our email forwarding server, but currently it's accepting mail from all sorts of nasty spammers and our email forwarding host has (rightly) suspended the forwarding until we can lock things down a bit more. I'd therefore like to lock down this relay so that only emails with a specific 'from' value are accepted as a good start.

As per the Q-A in Rejecting unlisted senders in Postfix, I've tried setting this in main.cf:

smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/acl_unknown_permited
    reject_unlisted_sender

...and making a new file /etc/postfix/acl_unknown_permited with the following content:

[email protected] permit

...with the appropriate server name.

This doesn't appear to be rejecting email though as setting the sender address to something outside of [email protected] like [email protected] is not rejected.

Is there another setting that could be overriding what I've set here?

The only thing I can think might be going awry at this point is that the target of our relay is currently deferring email send attempts. Could that be masking the issue? (I was expecting the rejection to happen before we hit the following error, and I'm wary of opening up the next stage until we've fully tied down the relay.)

Apr 25 22:13:37 smtp-relay postfix/smtp[447151]: BE0FB4247C: to=<[email protected]>, relay=email.forwarder.com [X.X.X.X]:587, delay=0.29, delays=0.09/0.02/0.17/0, dsn=4.0.0, status=deferred (SASL authentication failed; server email.forwarder.com [X.X.X.X] said: 535 Too many failed login requests from Y.Y.Y.Y. Try again later. #MS-ST-D)
Score:1
anx

Sounds like the beginning of a larger reevaluation, so let's start with two items:

  1. Postfix SMTPd restrictions are enforced in the SMTP daemon: once, while choosing whether to accept submitted mail and queue it, or whether to reject it. After placing additional restrictions on newly accepted mail, you still have to manually sort out unwanted mail already accepted to your queue. Run postqueue -p to produce a listing of what the queue currently looks like. If you cannot easily determine that each and every queue item is unauthorized, you will find ways to separate the wheat from the chaff by looking up postsuper instructions.

  2. Just placing restrictions on acceptable envelope senders may have little or no impact on how much spam you relay - spammers could likely still send mail using any header From address and any content. You likely want to enforce substantial additional restrictions, such as requiring the sender to authenticate, or requiring mail to originate from specific networks (IPv4/IPv6) under your control (often done via setting mynetworks).

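A main.cf fragment, added here as an example and not taken from the question or the answer, that combines the question's sender allow-list with the relay and authentication controls the answer recommends; all of these restrictions are enforced inside the SMTP session, so a message they reject is never queued and a deferral at the next hop cannot mask the rejection. It assumes the access file named in the question (rebuilt with `postmap` after editing), the Cyrus SASL backend mentioned later in the comments, an already working TLS setup, and a placeholder network range for mynetworks.

```ini
# /etc/postfix/main.cf fragment (added example, not the poster's configuration)

# Who may relay through this host at all: only our own networks and clients that
# have authenticated. reject_unauth_destination stops everyone else from using
# the host as an open relay. 203.0.113.0/24 is a placeholder for your own range.
mynetworks = 127.0.0.0/8 [::1]/128 203.0.113.0/24
smtpd_relay_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination

# Envelope-sender allow-list from the question. Note that reject_unlisted_sender
# only checks sender addresses in domains this host treats as local or virtual,
# so a sender in an external domain passes it; an explicit trailing "reject"
# closes that gap and rejects every sender the access file does not permit.
# Rebuild the lookup table after editing the file:
#   postmap /etc/postfix/acl_unknown_permited
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/acl_unknown_permited
    reject

# Require SASL authentication (Cyrus backend, as in the comments) and only offer
# AUTH once the session is TLS-protected, so credentials never cross in clear.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
```

Because the sender list ends in an unconditional reject, mail from any other envelope sender is refused at RCPT TO even when it arrives from mynetworks or an authenticated client, which is the behaviour the question asks for.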
This isn't live yet so I tried dropping everything from the current queue to avoid confusion from point (1) and have added a restriction but having the sender authenticate via username + password set on the SMTPd aspect makes sense. Is it possible to do that via (say) requiring a local user account without changing the email from field etc (I need that to match my current settings for the relay at the next hop to accept it I believe)?
anx
@JonCage While there are provisions to configure relationships between the sender address and the method/username used in determining authorization, there is no need to strictly connect them. Postfix is perfectly happy with an "everyone who can submit mail at all is treated equally" configuration as well.
Great! Can you point me in the direction of the settings that control authentication of smtpd connections? Is that where `smtpd_sasl_type` and either dovecot or Cyrus comes in?
I followed the guide here to set up Cyrus to do SASL on smtpd and that seems to have done the trick: http://www.linux-admins.net/2020/03/postfix-as-sasl-authenticated-tls.html Thanks for the pointers!