How to block user from sending

Gelpi Andrea liste at gelpi.it
Thu Sep 1 07:43:59 CEST 2016


Il 26/08/2016 15:28, Homer Dokes ha scritto:
> Hello all,
>
> Recently we discovered that one of our Kolab server accounts has been
> compromised.  Thus far we have not been able to determine how this is
> happening however here are the particulars we have gathered and what we
> have done so far:
>
> The spammer has figured out how to blast spam to predominantly AOL
> accounts via an email account on the server.  Our initial alert to this
> was a large amount of reject email coming back to that account from
> AOL's servers.  AOL has now blacklisted our server. I have changed the
> password on the account and that didn't prevent the spam from sending.
> The server also is Relay 'safe' so they are not getting through in that
> means either.  Ultimately, the only thing I could do to stop it for now
> is remove the account. Unfortunately this is not desirable as this
> specific account is advertised ALL over for quotes from prospective
> customers to our business.  We MUST be able to receive these quotes as
> they come to us from our Web Server which is hosted on a 3rd party's
> network. It should also be noted that the Kolab server is behind a
> separate spam server which is behind a firewall.  I have considered an
> exploit on the user's workstation who monitors this particular account
> and responds to it figuring their Windows system was compromised however
> I cannot find any evidence of that on their system and the Kolab
> postfix log files reflect 'localhost' as the origin and not the IP of
> the workstation.
>
> Is there a way I can disable outbound email for this particular account
> within the current kolab 3.4 environment and still receive for that
> account while we try to figure out how this exploit is working?
>
> Thank you,
>
> hdokes
>


I had a similar situation some time ago.
I did the following:
Modify the Postfix main.cf with:

# emergency sender block: consulted before the regular restrictions
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/emergency,
....

smtpd_sender_restrictions = check_sender_access hash:/kolab/etc/postfix/emergency,
...

Then in emergency I wrote the line:
user@domain.tld	REJECT


Then I entered the command:
postmap emergency

And reload Postfix.

This prevents user@domain.tld from sending mail completely.

-- 
Gelpi ing. Andrea
--------------------------------------------------------------
It took the computing power of three C-64s to fly to the Moon.
It takes a 486 to run Windows 95. Something is wrong here.
--------------------------------------------------------------
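As an added illustration of the procedure in the reply above (not code from the list post, from Kolab or from Postfix), the following Python script renders the emergency access table, parses it back, and emulates the lookup order that check_sender_access applies per access(5): full address first, then the domain and its parent domains, then the bare "user@" form. The sample addresses, the rejection text and the file path are assumptions; on a real server the table still has to be compiled with postmap and activated with a Postfix reload.

```python
"""Build a Postfix access(5) table that blocks one compromised sender and
emulate the lookup order check_sender_access applies to it.

Added example for the list reply above; not code from the post, from
Kolab or from Postfix. Addresses, rejection text and path are assumed.
On a real host: postmap /etc/postfix/emergency && postfix reload
"""
import re

# Constructed sample: the abused account (placeholder, not a real address).
BLOCKED_SENDERS = {
    "user@domain.tld": "REJECT Outbound mail from this account is disabled",
}

# A key must be a full address; a bare domain key would block every sender
# in that domain, which is not what an emergency block of one account wants.
ADDR_RE = re.compile(r"^[^@\s]+@[^@\s]+$")


def build_access_table(entries):
    """Render entries as access(5) lines: '<key><whitespace><action>'."""
    lines = []
    for key, action in sorted(entries.items()):
        if not ADDR_RE.match(key):
            raise ValueError(f"refusing key {key!r}: only full addresses are allowed here")
        lines.append(f"{key.lower()}\t{action}")
    return "\n".join(lines) + "\n"


def parse_access_table(text):
    """Parse access(5) text (one 'key action' per line, '#' comments) into a dict."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            raise ValueError(f"malformed access line: {raw!r}")
        table[fields[0].lower()] = fields[1]
    return table


def lookup_sender(table, sender):
    """Emulate the check_sender_access lookup order from access(5):
    user@domain, then domain and each parent domain, then 'user@'.
    Returns the action string, or None when no key matches (the next
    restriction in the list then decides)."""
    sender = sender.lower()
    if "@" not in sender:
        return table.get(sender)
    local, domain = sender.rsplit("@", 1)
    parts = domain.split(".")
    candidates = [sender]
    candidates += [".".join(parts[i:]) for i in range(len(parts))]
    candidates.append(local + "@")
    for key in candidates:
        if key in table:
            return table[key]
    return None


def main():
    text = build_access_table(BLOCKED_SENDERS)
    print("emergency table:\n" + text)
    table = parse_access_table(text)
    for probe in ("User@Domain.TLD", "other@domain.tld", "user@example.org"):
        print(f"{probe:20s} -> {lookup_sender(table, probe)}")


if __name__ == "__main__":
    main()
```

The lookup emulation is what makes the single-address key matter: with a full address as key only that mailbox is refused, while a key of just "domain.tld" would match every sender in the domain (including the quote requests the original poster still needs to receive if they ever arrive from that domain).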

