- Operating System: Linux Ubuntu 12.04 LTS
- Context: Plesk 11.5
- Utility: Postfix 2.9.6 (updates restricted by Plesk 11.5 distribution)
I would like Postfix to check the 'sender' field of every outgoing SMTP mail (before sending), so that the sender matches any of the valid created accounts (mail users) of any of the domains hosted on the server (as a condition to approve the sending).
The reason for this is that whenever one domain becomes infected by spam-sender script(s), it usually uses a pattern like 'random-name'@infected-domain.tld, so applying a sender-user-exists filter could reduce the impact on the server's reputation, and so prevent it from being blacklisted as quickly as it currently is (whenever one of the hosted domains is infected by malicious scripts).
So here, I am not asking for specific domain restrictions, but for specific user restrictions on the field "Mail From: " before Postfix sends the mail (not when receiving incoming mail).
Edit 1
Finally, I guessed the problem here is that /usr/sbin/sendmail can send, using Postfix, without authentication, isn't it? Or is it configured somewhere else without me knowing that?
Please, at least, could you help me with some useful and understandable documentation for sendmail? I could not find anything really useful to understand how it works, and even less for a multiuser environment such as Plesk 11.5.
That is why I would like to filter directly from Postfix, because it is the central point to relay or send emails.
Edit 2
After searching, I have finally discarded the Postfix 2.4+ directive authorized_submit_users => http://www.postfix.org/postconf.5.html#authorized_submit_users
It only checks the UID of the /usr/sbin/sendmail process, which is the user of the infected domain.
Adding:
authorized_submit_users = !unknown, static:all
does not solve the problem.
Edit 3
Working with
#/etc/postfix/main.cf
header_checks = regexp:/etc/postfix/header_checks
And the regex filtering options, using negative lookahead:
#/etc/postfix/header_checks
/^From: ".*(?!user1|user2|user3).*@infected-domain.tld/ REJECT
Any idea? Maybe I should open another thread?
Solved!
I have provided a customized solution for this specific case by answering it myself below. Thank you everyone for your information, collaboration and support!
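
Added example (not part of the original post): a Python sketch of the Edit 3 pattern's logic, showing that a lookahead placed between two `.*` excludes nothing, next to an anchored lookahead and an allowlist check on the parsed address. The function names, the allowlist and the sample headers are constructed for illustration; Python's `re` stands in for a lookahead-capable engine, which Postfix `regexp:` tables (POSIX regex) are not.

```python
import re
from email.utils import parseaddr

# Constructed allowlist standing in for the domain's real mailboxes.
VALID_USERS = {"user1", "user2", "user3"}
DOMAIN = "infected-domain.tld"

# The pattern from Edit 3, unchanged apart from Python syntax.
ORIGINAL = re.compile(r'^From: ".*(?!user1|user2|user3).*@infected-domain.tld')

# Lookahead anchored directly before the local part, domain dot escaped.
ANCHORED = re.compile(
    r'^From:.*<(?!(?:user1|user2|user3)@)[^<>@]+@infected-domain\.tld>',
    re.IGNORECASE,
)

def original_rejects(header):
    # The first ".*" can backtrack to any position where the lookahead
    # happens to succeed, so valid users are rejected as well.
    return ORIGINAL.search(header) is not None

def anchored_rejects(header):
    # Only covers the "<local@domain>" form of the header.
    return ANCHORED.search(header) is not None

def allowlist_rejects(header):
    """Parse the address instead of pattern-matching the raw header."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "from":
        return False
    _, addr = parseaddr(value)
    local, _, domain = addr.rpartition("@")
    if domain.lower() != DOMAIN:
        return False  # other domains are out of scope for this rule
    return local.lower() not in VALID_USERS

# Constructed sample headers.
SAMPLES = [
    'From: "User One" <user1@infected-domain.tld>',
    'From: "xkqzt" <xkqzt@infected-domain.tld>',
    'From: <xkqzt@infected-domain.tld>',
    'From: xkqzt@infected-domain.tld',
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(original_rejects(h), anchored_rejects(h), allowlist_rejects(h), h)
```

Note that `header_checks` inspects the `From:` header line, not the envelope sender given in `MAIL FROM`.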