Limit which local users can use postfix
Compromised web sites can be used to relay spam email. To limit that or track which web sites are being used to send spam, you can limit which users can us sendmail, you can do the following. As root:
- Create a file /etc/postfix/sendmailAllowedUsers, put
user OK
on a line for each allowed user. (I put one line in my file “root OK” so only root can use sendmail)
- run
postmap /etc/postfix/sendmailAllowedUsers
- Add the line
authorized_submit_users = hash:/etc/postfix/sendmailAllowedUsers
to /etc/postfix/main.cf
- run
postfix reload
Only the users in the sendmailAllowedUsers file will be able to send email
If your web sites need to be able to send mail:
- Create user accounts for each web site. You can use the same account that is set up for the user to ftp their web site in place
-
yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-plain cyrus-sasl-sql
- If you are using Centos 7 execute
systemctl enable saslauthd && systemctl start saslauthd
- If you are using Centos 6 execute
chkconfig saslauthd on && service saslauthd start
- Add the following line to main.cf
-
smtpd_sasl_auth_enable = yes
- run
postfix reload
Now, the users can connect to the SMTP server running on 127.0.0.1 port 25 – and they will have to authenticate to send email. The server administrator will be able to track who is sending email by looking at the /var/log/maillog