From: Andy B. (globihot.lu)
Date: Wed Jan 03 2007 - 10:51:32 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thank you for your comments.

I might mention again, that the users we are talking about have to
authenticate themselves via SMTP-Auth, so spoofing would be possible, but
you still can see who did the spoofing then.

My thought was to filter these users on SMTP-Auth level, not on
sender-address level (reply-to or from). Can this be done somehow?

And then: where will the "approval queue" be saved? I know this is
off-topic, but is there any possibility to save that queue into mysql tables
(pretending I use postfix with mysql support built in)?

Thanks.

Andy

-----Original Message-----
From: owner-postfix-userspostfix.org
[mailto:owner-postfix-userspostfix.org] On Behalf Of Noel Jones
Sent: Wednesday, January 03, 2007 17:36
To: postfix-userspostfix.org
Subject: Re: outgoing validation

At 05:13 AM 1/3/2007, Andy B. wrote:
>Hi,
>
>I have a group of lawyers who want to validate every outgoing mail by some
>kind of web interface. Needless to say that I have some concerns about data
>security - they are the lawyers and they should know what they are doing.
>
>Here is the postfix situation as it is now:
>
>- I have one domain only: foobar.com
>
>- the domain name is virtual
>
>- all users of that domain can only send mail via SMTP-Auth (SASL)
>
>
>What I need:
>
>user1foobar.com is not allowed to send Emails without validation of an
>admin.
>
>User1 sends an email with confidential information to
>presidentwhitehouse.gov, and this email will not go directly to its
>destination but will wait in some sort of pending queue for validation of
an
>admin.
>
>The admin sees the mail in a web interface and notices that this
information
>should never leave the office and clicks "DENY" and enters a reason for
>denial. If the mail is legitimate, then the admin clicks "APPROVE" and the
>mail arrives at its final destination.
>
>Best would be to make a list of SMTP-Auth users who can mail directly and a
>list of users who must ask for approval, like:
>
>/etc/postfix/approval.db containing: user1,user2,user4,user5,user7
>
>/etc/postfix/admin.db containing: user3,user6
>
>
>I would be thankful for some suggestions on what needs to be done on
postfix
>level.
>
>Thank you.
>
>Andy

I've not done this, but here are some thoughts of what I might try.

Use two instances of postfix (can be on the same machine). We'll
call them "normal" and "approval queue".
The "approval queue" will listen on a non-standard interface, and
place all incoming mail on hold using something like:
# main.cf
smtpd_client_restrictions =
    static:hold

The "standard" instance would use a check_sender_access table listing
the users requiring approval and a result of
filter:[ip.of.approval.queue]:port to route their mail to that
instance. This could also be reversed to list all approved users and
filter the rest.

Then your job is to write a web interface that will view the hold
queue and allow an admin to either release or reject the message.

Be sure to also use reject_authenticated_sender_login_mismatch so the
users can't simply spoof the sender address.

Of course, to lock things down tight, you will also need to block
http access to public webmail services so they won't simply use their
hotmail account, probably safest to block all internet access. And
also remember to search them before leaving the office so they don't
take home a flash drive containing documents they can email from
their home PC. and.... and... and... to many loopholes to count.

Unless you're dealing with national security secrets, it's probably
not worth the time. Just have the employee sign a strict
non-disclosure agreement. Maybe require quarterly reviews of the
non-disclosure policy so they know you're serious.

--
Noel Jones

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]