
I would like to prevent spam messages sent from my computer by programs/scripts uploaded by anyone.

The only legitimate use case is to connect to postfix through the submission port, and after authentication, submit the email. Postfix will then connect to other mail servers and send it.

I am thinking of using iptables to allow outgoing connections to *:SMTP port if the program trying to open this connection is postfix, and to drop any other connection attempts.

I have two questions:

1) How can I identify in iptables, that it is the postfix program that tries to open the connection?

2) How can I prevent a script from invoking sendmail and just giving it the message without authentication? Probably this is not that easy, as maybe there are programs, like cron, which try to send email to root@localhost, using sendmail. This should still work.

The system runs Debian stable.

G Bagoy
  • Have your SMTP agent only listen on the loopback address; then no external mail sources will even be talked to, much less have their messages accepted for delivery. – DopeGhoti Dec 06 '16 at 17:08
  • Probably I was not clear. I am talking about outgoing email, not incoming. I need to accept incoming email, that is not a problem. I do not want local processes to be able to send email directly, without using my postfix, and I don't want local processes to be able to send email through postfix without authentication. – G Bagoy Dec 06 '16 at 20:19
  • In that case, you probably need to enable SMTP authentication in your mail transfer agent, and refuse to deliver anything not thusly authenticated. – DopeGhoti Dec 06 '16 at 20:32
  • Would network namespaces help? You could have a namespace for just this one program and no other program could use your interface then. – phk Dec 07 '16 at 12:44

1 Answer


(1) The easiest way to identify Postfix is probably the iptables --owner --uid-owner postfix match, to specify Postfix's user. You could also run Postfix in its own network namespace or cgroup, similar to the solutions in Block network access of a process? (and only allow that namespace or cgroup to originate SMTP traffic).

(2) A script running sendmail already has authentication: it's running as a user on your system. There are indeed a bunch of things that make use of this interface. Cron is one, but so do a bunch of random scripts—pretty much everything on the system that sends email uses it. Even installed MUAs (mutt, etc.) will often default to using it.

You can presumably lock it down to only certain users, either using filesystem permissions (make it only executable to a given group, or particular users using ACLs) or probably Postfix config (though I personally use Exim, so not sure how).

derobert
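The owner match from point (1) of the answer, written out as an added example that is not part of the original post: a shell function that prints (without applying) the iptables commands restricting outbound TCP port 25 to the Postfix user, with the match loaded via `-m owner`. The chain name `SMTP_EGRESS`, the log prefix, the rate limit and the choice to leave loopback traffic untouched are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Prints the commands instead of running them, so the rule set can be
# reviewed first and then applied as root:
#   smtp_egress_rules postfix | sh
#   smtp_egress_rules postfix ip6tables | sh
# Assumed names: chain SMTP_EGRESS and log prefix "smtp-egress-deny: ".

smtp_egress_rules() {
    mta_user=${1:-postfix}   # account the MTA's SMTP client runs as
    ipt=${2:-iptables}       # pass ip6tables to cover IPv6 as well

    # iptables rejects --uid-owner with an unknown name, so resolve the
    # account up front and fail before any rule is emitted.
    uid=$(id -u "$mta_user" 2>/dev/null) || {
        echo "smtp_egress_rules: no such user: $mta_user" >&2
        return 1
    }

    cat <<EOF
$ipt -N SMTP_EGRESS
$ipt -A SMTP_EGRESS -m owner --uid-owner $uid -j RETURN
$ipt -A SMTP_EGRESS -m limit --limit 6/min -j LOG --log-prefix "smtp-egress-deny: " --log-uid
$ipt -A SMTP_EGRESS -p tcp -j REJECT --reject-with tcp-reset
$ipt -A OUTPUT ! -o lo -p tcp --dport 25 -j SMTP_EGRESS
EOF
    # Rule by rule:
    #  1. dedicated chain, so the policy can be flushed or removed alone
    #  2. sockets owned by the MTA user return to the normal OUTPUT rules
    #  3. anything else is logged with the offending UID (rate limited)
    #  4. and refused with a TCP reset, so the caller fails fast
    #  5. only non-loopback connections to port 25 enter the chain
}
```

The `--log-uid` field in the kernel log identifies which local account attempted direct SMTP, which is usually the first thing to check when a rejected connection shows up.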