I just had a spammer take over an account which is allowed to send mail via one of my servers. I ran the lock account script but it kept on going. It seems that if a SASL authenticated user doesn't close the session then Postfix doesn't notice that the account is no longer valid and keeps allowing mail through! How can I solve this? Apart from restarting Postfix whenever I lock an account. Is there some way of limiting how many messages a smtpd process will accept before it exits? I'd like to force it to exit after processing 10 or 20 messages so that SASL authentication has to be completed again for the next 10 or 20 messages. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/
I just had a spammer take over an account which is allowed to send mail via one of my servers. I ran the lock account script but it kept on going. It seems that if a SASL authenticated user doesn't close the session then Postfix doesn't notice that the account is no longer valid and keeps allowing mail through!
How can I solve this? Apart from restarting Postfix whenever I lock an account.
This thing is happening enough for this to be a problem?
Is there some way of limiting how many messages a smtpd process will accept before it exits? I'd like to force it to exit after processing 10 or 20 messages so that SASL authentication has to be completed again for the next 10 or 20 messages.
Is it definitely postfix caching the authentication and not SASL? James
On Sat, 24 Nov 2012, James Harper <james.harper@bendigoit.com.au> wrote:
I just had a spammer take over an account which is allowed to send mail via one of my servers. I ran the lock account script but it kept on going. It seems that if a SASL authenticated user doesn't close the session then Postfix doesn't notice that the account is no longer valid and keeps allowing mail through!
How can I solve this? Apart from restarting Postfix whenever I lock an account.
This thing is happening enough for this to be a problem?
It's happened a few times.
Is there some way of limiting how many messages a smtpd process will accept before it exits? I'd like to force it to exit after processing 10 or 20 messages so that SASL authentication has to be completed again for the next 10 or 20 messages.
Is it definitely postfix caching the authentication and not SASL?
My script that locks the account restarts the saslauthd. A test with swaks shows that new connections by the account in question are denied. The smtpd processes had been active for something like 10 hours. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/
On Sat, Nov 24, 2012 at 10:06:10PM +1100, Russell Coker wrote:
Is there some way of limiting how many messages a smtpd process will accept before it exits? I'd like to force it to exit after processing 10 or 20 messages so that SASL authentication has to be completed again for the next 10 or 20 messages.
have you tried changing smtpd_client_message_rate_limit ? smtpd(8) says: smtpd_client_message_rate_limit (0) The maximal number of message delivery requests that any client is allowed to make to this service per time unit, regardless of whether or not Postfix actually accepts those messages. also worth looking at: smtpd_client_recipient_rate_limit (0) The maximal number of recipient addresses that any client is allowed to send to this service per time unit, regardless of whether or not Postfix actually accepts those recipients. defaults for both are 0 (unlimited). both of these will affect legitmate client connections, and may interfere with legitimate multi-recipient mail (bccs or mailing lists, for example - decent MTAs or mailing list managers will likely cope, crapware running on microsoft operating systems probably won't as mail programs for MS OSes are traditionally written by brain-dead morons who don't have a clue about mail). craig -- craig sanders <cas@taz.net.au>
participants (3)
-
Craig Sanders -
James Harper -
Russell Coker