| SYSTEM INFORMATION | |
|---|---|
| OS type and version | Debian 13 |
| Webmin version | 8.1.0 |
I searched but it wasn’t very clear. Before doing many tests, I need to know: With the Postfix configurations offered by Virtualmin, can I granularly control the number of emails users can send per hour by domain or by VirtualServer? This would limit potential abuse. Or can I only do this via a command in /etc/postfix/main.cf?
Best Regards
kazuma
Yes, you can.
People usually judge others by what they themselves are or represent. I received a message from someone calling me a liar, shameful for someone so mature. Here’s a video where I show that Virtualmin’s global email sending limit didn’t work in my test, so I gave up on it. Better to do it manually.
This video is unlisted and will be forever.
Regards
You need to test sending to a external email address like to gmail, I don’t think this will work on addressees handled by the same postfix server.
I will fire up a test machine to verify.
Stefan, I understand that, but, when something or a button say: Do something and dont say nothing around about exceptions we do believe that going to do that. In Plesk cPanel… that work like that. Set a limit of something, that limit going to work even for internal emails. There are a number of attacks that can be made internally from one client to another using the same server that need to be contained or repelled, and this type of vulnerability should be expected and addressed. For example: When I configured the Virtualmin Server to disable the mail() function in PHP, the exceptions disappear when a new client is created. This should be inherited from the central PHP configuration, allowing the administrator to always determine this, not the user. But I appreciate your politeness and kindness in telling me about the internal mail sending; I already suspected that.
Best regards
Yeah I get the same sending to gmail, I haven’t tested via a client connect like thunderbird.
But using usermin I sent 5 to gmail and they all went.
Did you understand what I meant? I always found Postfix very annoying to configure manually; I have some ready-made scripts, but it varies from panel to panel. When I saw that function in Virtualmin and how it works, I got very excited. Even before testing it, I thought: Wow, what a great solution!! But when I saw that it didn’t respect this part, I was already discouraged… The same with CyberPanel; it has the same problems. Just put a PHPMail inside and the security is gone; it even sends from domains that aren’t configured.
I’ll keep waiting.
Thank you for your attention.
It does seem like a bug, turning it on and off, look like it uses milter-greylist, which is a worry as its not available in RHEL 10. I maybe wrong about milter-greylist, but I don’t see any changes in postfix.
@Ilia can you look at this?
There’s a bunch of things involved in mail.
Rate limits in Virtualmin are provided by a policy server (usually milter-greylist, I think, I don’t remember details, and it varies by OS and version), which is not involved in local sending. That’s a configuration choice, you can put it in the path for local mail delivery, too. Trickier to configure, though, as it then ends up applying to incoming mail, too.
PHPMail (any scripts, not just PHP) is a whole other issue. Unless you firewall outgoing port 25 traffic, any user that can cause scripts to be run (via any mechanism, including PHP) can send email with or without the local MTA being involved…sending mail is trivial. You can literally do it with telnet or nc in a few lines of bash. This is another tricky issue that causes a lot of surprise complexity. It is possible to block traffic based on user in iptables/nftables, but we don’t try to do that, because we’re trying to not be inundated with questions about why mail doesn’t work. But, we probably should revisit that problem at some point.
We’ve historically not recommended using Virtualmin for bulk hosting or free hosting or situations where your users are completely untrusted and likely to abuse the system. But, insecure web apps do get abused sometimes, through no fault of the user (well, not no fault, but not an inexcusable fault, since securing web apps is a hard problem), so it probably would be good to provide tools to lock down those sorts of ways for spam to get out.
We’ve been discussing a total refactor of the mail stack for some time. It’s on the agenda, but we’re all mostly volunteering here, we all have other jobs, so it hasn’t bubbled to the top yet. It will, some day. If you have strong feelings about it and technical expertise necessary to work on it, we always welcome contributions. (The vague direction I see: Sieve for filtering/forwarding instead of Procmail, maybe a switch to Cyrus instead of Dovecot for JMAP support, a better spam/AV stack maybe built on rspamd or another policy server, removal of the hodgepodge of current policy servers for greylisting, rate limiting, DKIM, etc. replacing with a single tool for all of them…rspamd, probably.)
But, a firewall that blocks outgoing port 25 except for the Postfix user would solve one of your problems, and that’s simple. No rate limited for internal mail I think is also a one line config change, maybe? But maybe has side effects. I’ve never done it though, so it’d need some research.
Oh, and, on the “from” address issue, to force users to only send from their own address, you need a variety of things in place (and you’re going to be swamped with user problems). You have to force mail to go through the Postfix server (block port 25 outgoing), require authentication (for local users, it’s always required for remote users), and you have to enforce the sending address has to match the logged in user ( reject_sender_login_mismatch), which I think is a little complicated in a virtual mail system. I’ve never used it.
1
Personally, with virtualmin being a webhost/email host sort of platform I think you guys should consider putting this up the agenda. The current setup has many issues including GUI items that do not work or are confusing. postgrey is now no longer present in some Distros and obviously there are a few more issues some of them outlined above.
Maybe just plan a roadmap out in the short term, decide on the technologies to be used and get feedback if needed.
If you have code snippets, feel free to share them here. They may get worked into the code base. The main issue here is that even though there is a large installed user base, very few share back to the community in ANY way.
Okay, let’s share… 3 years ago I managed to align a code that worked well on CentOS 7 with CyberPanel, combined with this Postfix main.cf. The goal of this code was:
To allow full POP access. To allow external SMTP and PHP file mail() etc., always requiring POP before SMTP, and to prevent sending from domains that don’t exist on the server. I tested it and it seems to work, but on virtual machines it’s complicated because each new one will respect different things; it would need to be configured as a standard on all of them.
======================================
======================================
======================================
#Used id /etc/postfix/main.cf in CyberPanel ... testing... CentOS7
#
smtpd_delay_reject = yes
smtpd_client_restrictions = permit_sasl_authenticated, reject
#
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_login_maps = hash:/etc/postfix/virtual
smtpd_sender_restrictions = permit_mynetworks, reject_unlisted_sender, reject_non_fqdn_sender, reject_unverified_sender, reject_unknown_sender_domain, reject_unauthenticated_sender_login_mismatch, reject_known_sender_login_mismatch, permit_sasl_authenticated
#
# reject hosts that domain name set in FROM are not registered in DNS or not registered with FQDN when your SMTP server receives HELO command
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_hostname, reject_non_fqdn_hostname, reject_invalid_hostname, permit
#
#
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_use_tls = yes
#
anvil_rate_time_unit = 60s
smtpd_client_connection_rate_limit = 500
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 200
smtpd_client_new_tls_session_rate_limit = 100
#
smtpd_reject_unlisted_sender = yes
#
======================================
======================================
======================================
Best Regards
Kazuma
Without checking the specifics, yes, I also tweaked my Postfix config based on some pretty common suggestions. I think I used the Postfix site, but, I will not swear to that. But this isn’t code so much as a preferred Postfix config.
The teams ‘dilemma’ at this point is how far down a rabbit hole to go when they are considering some pretty significant changes.
Remember what the ‘product’ is. Webmin started with a systems administration interface. Virualmin helps you set up a server with web, mail and DNS. It is NOT a system administrator. It can’t be perfect for ANY situation. It just gets you up and running. What you do after that is wholly up to you.
I won’t speak to ‘PRO’. I don’t have access to that. To me this is just another hobby I spend WAY too much money on but can’t give up having some control of my email and, to a much lesser extent, web after being in the field for awhile.
I think that if the Free version has these basic problems, the Pro version will too. Don’t come at me with “every panel has problems,” if there’s a field to be filled in that says it turns something on or off, that something has to be turned on or off. Otherwise, this field, with its intention of doing so, shouldn’t be there, period! I believe there are product enthusiasts who will tell me this or that, it doesn’t matter. In short: I installed a basic, ready-made version without any frills, I went straight to the point and configured it as root in Webmin to prevent me from sending more than 3 emails per hour. 5 were sent, including from domains that didn’t even exist in the panel. That’s enough to ruin the reputation of an IP or domain and leave client users without email for a while. Without this or that, as long as Webmin has these basic cosmetic field problems, I don’t see why use it.
I have a whole section on what postfix options I used and what they do.
not sure if this is any help, but it is free 