| 1 |
> >> If you're worried about either of those scenarios, set up a separate |
| 2 |
> >> account for your email alerts. |
| 3 |
> > |
| 4 |
> > I like the separate account idea. Any tips on locking it down? Maybe |
| 5 |
> > that account on the mail server should somehow only be allowed to |
| 6 |
> > deliver to a single email address (mine)? Would it need a shell |
| 7 |
> > account? Certainly not allowed in sshd_config. |
| 8 |
> > |
| 9 |
> |
| 10 |
> It depends on how you're authenticating. We've got our users in |
| 11 |
> Postgres, and postfix uses Dovevot's SASL backend to auth. That way a |
| 12 |
> "user" is just an email address/password combination and can't do |
| 13 |
> anything except send/receive mail. |
| 14 |
> |
| 15 |
> The general defense against hacked user accounts is to do rate-limiting |
| 16 |
> on the MTA with something like postfwd, and at least notify postmaster |
| 17 |
> if someone begins sending hundreds of messages. That way if a user gets |
| 18 |
> hacked, you find out about it and can disable them. |
| 19 |
> |
| 20 |
> In this case I wouldn't even worry about it. If someone can log on to |
| 21 |
> your server and read the msmtp config, you've already got a big problem. |
| 22 |
> The real benefit to using a separate account is that if that does |
| 23 |
> happen, they can't see Grant's personal email password (which is |
| 24 |
> essentially the keys to the kingdom). |
| 25 |
|
| 26 |
I was planning on having the alerts sent from each system via my privileged |
| 27 |
account on the mail server which means storing that password in the msmtp |
| 28 |
config file on each system. If I instead set up a separate account for |
| 29 |
alerts and lock that account down so it can only send email to my own |
| 30 |
address, I can flaunt that password around all I want because it can only |
| 31 |
be used to send email to me, correct? |
| 32 |
|
| 33 |
By the way, is it considered safe to use my own privileged account on the |
| 34 |
mail server to send mail from a good local mail client if I use SSL/TLS in |
| 35 |
transmission? |
| 36 |
|
| 37 |
> Another thing you might consider is getting added to the feedback loops |
| 38 |
> of some major providers. When one of our users gets hacked, I find out |
| 39 |
> quickly because AOL sends me a copy of every message that they get from |
| 40 |
> us which is marked as junk. This is a Good Idea anyway, and mitigates |
| 41 |
> the stolen-password problem in that unlikely event. |
| 42 |
|
| 43 |
That sounds like a really good idea. Is there an industry-standard term I |
| 44 |
could use in a search to figure out how to get the providers (Google, |
| 45 |
Yahoo, AOL?) to set me up this way? |
| 46 |
|
| 47 |
- Grant |
Archives