[SOLVED] Do not send any email without authentication from locally hosted websites

Discussion in 'General' started by Ignacio Garcia, Oct 8, 2018.

  1. Hi there. I'm trying to prevent any web sites hosted in my servers to use phpmail() or any other functions/scripts to send email through the local postfix server without user authentication. I've been reading the postifx documentation and poking a bit but I haven't had any success so far. Has anybody done this before?

    Thanks so much in advance!!!!

    Ignacio
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This will probably affect other parts of your Linux server as well, but you can try it:

    remove 127.0.0.0/8 [::1]/128 from my networks in postfix main.cf
    Then ensure that the php mail() function plus functions that can be used to execute programs like exec, passthru, system, popen (and maybe some more) are listed in 'disable_function'.

    I haven't tried that, so not sure if it's enough and what exactly breaks when removing '127.0.0.0/8 [::1]/128' from mynetworks.
     
  3. Sorry Till, I really expressed myself very poorly. What I'm really trying to achieve is that everybody (local accounts, and that includes php scripts) will be forced to use the submission service (smtp-auth, tls activated) for all outbound emails, and have non-authenticated connections just for local email.
     
  4. Noel Jones from postfix-users mailing list has kindly replied to me with an answer. Initial testings show this works:

    authorized_submit_users = root, serviceuser1, serviceuser2, ... , proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf

    where users allowed to send local mail, such as root, or any service must be included in the list. It's a little more restrictive than I wanted, but with some investigation I can add all unix users that need to send email at some point.

    Thanks!
     
  5. Not sure though if mysql-virtual_mailboxes will cover aliases... Any thoughts on that, anybody?
     
  6. Jesse Norell

    Jesse Norell Well-Known Member

    I believe that effectively restricts the users of your php processes (ie. web1, web2, etc.) from executing the sendmail command; you might test, but I think they would still be able to use smtp to localhost:25 without authentication, unless you have changed some other setting(s) as well, eg. smtpd_relay_restrictions.

    I don't believe you need to allow any maps for mysql tables in authorized_submit_users at all, as it is a list of real system users allowed to run sendmail, and the various virtual_* tables (mailboxes, alias, etc) are virtual users (actually virtual addresses, as user names are generally not formatted like email addresses), so would never match a lookup.

    Note that even once you get this config nailed down, websites would still be able to use smtp directly to external servers unless you block that as well. That isn't nearly as common, but it does happen.
     
  7. thank you all. After much testing it seems to work ok.
     

Share This Page