Postfix: avoid sending with false sender address

  • Hello,



    A web space with Joomla was hacked on my server.
    He then sent thousands of mails.


    The mail said -> FROM: [email protected].


    However, the mail address does not exist in the database.


    Can I somehow set up the system so that it requires that the FROM mail address exists in the database?



    Greetings
    Viktor

    - Distribution: Debian | Release: 8.10 | Codename: jessie

    - i-MSCP Version: i-MSCP 1.5.3 | Build: 20180516 | Codename: Ennio Morricone

    - Plugins installed: ClamAV (v. 1.3.0), Mailgraph (v 1.1.1), OpenDKIM (v 2.0.0), PanelRedirect (v 1.2.0) & SpamAssassin (v 2.0.1)

    - LetsEncrypt (v 3.6.0), PhpSwitcher (v 5.0.5), RoundcubePlugins (v 2.0.2)

  • Hi Viktor,


    Take a look at: reject_unlisted_sender as smtpd_sender_restrictions.
    I think that it could work, but your Joomla sends via the PHP mail function?!?


    Regards Knut

    -- formerly known as knut --
    ensim -> confixx -> vhcs -> ispcp -> kloxo -> easyscp -> ispconfig 3 -> i-mscp -> ispconfig 3.1

  • @KH2015


    We could check the sender for the mails that are sent through sendmail. We only need to add an SMTP restriction (at the right place)... But doing this would mean that any system user who must be able to send mail (such as the root user) would have to be listed as an allowed sender (including the host domain name).



    Another approach would be to only allow SASL authenticated users, but this would make the PHP mail() function unworkable. Thus, the users would be forced to use an SMTP library to be able to authenticate through SASL.


  • A lot of hosting companies are permitting only SASL authenticated users to send mail. The PHP mail() function is disabled...
    Just choices...

  • Hi Viktor,


    Take a look at: reject_unlisted_sender as smtpd_sender_restrictions.
    I think that it could work, but your Joomla sends via the PHP mail function?!?


    Regards Knut

    Hello,


    I see he has uploaded a PHP file, but it is base64-encoded, so I cannot see the code.


    I think the check must be done for the PHP mail function.


    Kind regards
    Viktor


  • @Viktor @kess



    The administrator, like the reseller, can already disable the PHP mail() function on a per-customer basis through the frontEnd.


    I think the check must be done for the PHP mail function.


    As said above, it is possible to check senders even for mails which are sent through sendmail, but doing this would pose many problems. From my point of view, that is not a good solution.

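A detection-side view of the check discussed in this thread, added here as an example (not code from i-MSCP or from any poster): it scans Postfix log lines written by the pickup service, which handles mail submitted through sendmail (the path PHP mail() uses), and reports envelope senders that are not in a list of known mailboxes. The log lines, addresses and function name are constructed for illustration, and the pickup line layout is assumed to be the stock Postfix syslog format.

```python
import re

# Constructed sample of Postfix syslog lines (not taken from the thread).
SAMPLE_LOG = """\
May 20 10:00:01 host postfix/pickup[2211]: A1B2C3D4E5: uid=33 from=<newsletter@customer.example>
May 20 10:00:01 host postfix/cleanup[2212]: A1B2C3D4E5: message-id=<1@host.example>
May 20 10:00:02 host postfix/pickup[2211]: B2C3D4E5F6: uid=33 from=<info@customer.example>
May 20 10:00:03 host postfix/pickup[2211]: C3D4E5F6A7: uid=0 from=<root>
May 20 10:00:04 host postfix/smtpd[2300]: D4E5F6A7B8: client=unknown[192.0.2.10], sasl_username=info@customer.example
May 20 10:00:05 host postfix/pickup[2211]: E5F6A7B8C9: uid=33 from=<newsletter@customer.example>
"""

# pickup logs the submitting Unix uid and the envelope sender for every
# message handed over by the sendmail command.
PICKUP_RE = re.compile(
    r"postfix/pickup\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"uid=(?P<uid>\d+) from=<(?P<sender>[^>]*)>"
)


def unlisted_local_senders(log_text, known_addresses, system_uids=frozenset({0})):
    """Map (uid, sender) -> queue ids for sendmail-submitted mail whose
    envelope sender is not a known mailbox.

    system_uids are exempt, mirroring the point made in the thread that
    system users such as root must stay able to send mail.
    """
    known = {a.lower() for a in known_addresses}
    hits = {}
    for line in log_text.splitlines():
        m = PICKUP_RE.search(line)
        if not m:
            continue  # not a local (sendmail) submission
        uid = int(m["uid"])
        sender = m["sender"].lower()
        if uid in system_uids or sender in known:
            continue
        hits.setdefault((uid, sender), []).append(m["qid"])
    return hits


if __name__ == "__main__":
    # known_addresses would normally be exported from the mail database.
    for (uid, sender), qids in unlisted_local_senders(
            SAMPLE_LOG, {"info@customer.example"}).items():
        print(f"uid={uid} sender={sender} messages={len(qids)} first={qids[0]}")
```

The uid in each hit identifies the Unix account the web space runs under, which is what tells you which customer's site is submitting the mail.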