APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Protect against unauthorized use with Kerio Connect User Access policies


2013/12/12

I recently had a Kerio Connect customer notice large amounts of mail in his mail queue. Upon investigation, these were being sent by a particular user. Further investigation showed them to contain viruses - obviously the account or a machine had been compromised.

This user should not have been relaying mail from outside of the local network. The default SMTP setting was to allow relaying for authenticated users because some users do need to do that, but most users did not.

There are a few ways to control this situation. One is to use a VPN and add the VPN addresses to the "local" IP address group and NOT allow SMTP relay for anyone not local. You'd then give VPN access to those who need it.

If that's not practical, Kerio User Access Policies provide another method. You'd define a restrictive policy and apply it to the users who do NOT need to relay from outside (or reverse that: make "not allowed" the default and add a new "allow" policy for those who need to relay).

The "Restrict" policy is simple: it can cover "All protocols" (which of course only means those that are enabled), but allow them only for local clients.


Once defined, we assign that policy to the users who should not have outside access.


With this in place, a compromised account cannot be used from outside the building.
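To decide which users can safely get the restrictive policy, it helps to see who has actually authenticated for SMTP from outside the "local" group. The following is an added example, not part of the original article and not Kerio code: the CSV columns, the sample events, the user names and the network ranges (including 10.8.0.0/24 standing in for VPN addresses) are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed "local" IP address group (constructed; use your own ranges).
LOCAL_NETWORKS = [ip_network("192.168.1.0/24"), ip_network("10.8.0.0/24")]

# Constructed sample export: timestamp,user,client_ip,protocol.
# This is NOT Kerio Connect's log format; convert your logs to these columns.
SAMPLE_EVENTS = """\
2013-12-10T09:01:12,alice,192.168.1.20,SMTP
2013-12-10T21:44:03,bob,203.0.113.45,SMTP
2013-12-11T02:13:55,carol,198.51.100.7,SMTP
2013-12-11T02:14:01,carol,198.51.100.7,SMTP
2013-12-11T08:30:00,carol,192.168.1.31,IMAP
2013-12-11T19:05:40,dave,10.8.0.6,SMTP
2013-12-12T07:15:09,alice,203.0.113.90,IMAP
"""

def is_local(addr):
    """True if addr falls inside any network of the local group."""
    ip = ip_address(addr)
    return any(ip in net for net in LOCAL_NETWORKS)

def outside_use(events_text, protocols=("SMTP",)):
    """Map user -> {outside client IP: count} for the given protocols."""
    seen = defaultdict(lambda: defaultdict(int))
    for row in csv.reader(io.StringIO(events_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        _ts, user, client_ip, proto = (f.strip() for f in row)
        try:
            local = is_local(client_ip)
        except ValueError:
            continue  # unparsable address
        if proto.upper() in protocols and not local:
            seen[user.lower()][client_ip] += 1
    return {u: dict(ips) for u, ips in seen.items()}

def restrict_candidates(all_users, events_text):
    """Users with no outside SMTP use: candidates for the restrictive policy."""
    outside = outside_use(events_text)
    return sorted(u for u in all_users if u.lower() not in outside)

if __name__ == "__main__":
    for user, ips in sorted(outside_use(SAMPLE_EVENTS).items()):
        print(f"{user}: outside SMTP from {ips}")
    print("restrict:", restrict_candidates(["alice", "bob", "carol", "dave"], SAMPLE_EVENTS))
```

A user who shows up with outside SMTP use is not automatically a legitimate remote sender; that activity may itself be the compromised account, so confirm with the user before assigning an "allow" policy.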



2 comments




© Anthony Lawrence







Thu Dec 12 23:14:06 2013: 12383   Reva



It would be helpful to know why a user might need to relay from outside the LAN. Can you give a few examples?





Thu Dec 12 23:18:45 2013: 12384   TonyLawrence



A user working at home that needs to send email to the company's customers. By relaying through the company site, the recipients see that it is coming from the company, it's in the archiving if that is used, it's in Sent Mail and if DKIM is used, it's signed.
