1

Topic: fake identities

==== Required information ====
- iRedMail version: 0.9.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Linux/BSD distribution name and version: Ubuntu 14.04
- Related log if you're reporting an issue:
====
Hello.
Today I figured out that there are some users in my company abusing the service and sending e-mails with fake identities, thus I disabled the identities in Roundcube.
Now I need to know: is there any method to know who is setting a fake identity, or any log for the sent mails with fake identities?
Thanks for your support.


2

Re: fake identities

The identities are stored within MySQL, in roundcubemail.identities.
Just have a look through those and cross-reference the users against roundcubemail.users to see who owns which identity.

3

Re: fake identities

7t3chguy,
Thanks for your support.
Sorry for that, but I am not that experienced with MySQL. I'll tell you what I did:
I opened MySQL, then selected the roundcubemail DB, then used the commands
------
select email from identities;
select username from users;
------------
Now I can see the original users and the identities, and I can tell the fake ones, but how can I know who has the fake identity?

Sorry for my bad English.

4

Re: fake identities

Try the following script; it'll give you 3 columns: user_id (you can ignore), username, which is the REAL e-mail address, and username, which is the probably fake e-mail address. (It only returns user+identity combinations where the username doesn't match the identity email.) [Keep in mind, the identity might have been removed since, and there is no way to find its owner.]
BTW, if a user is able to forge an identity from Roundcube, then they might be able to forge their From header using other SMTP clients. Check your Postfix main.cf for the line starting with "smtpd_sender_restrictions" and make sure that "reject_sender_login_mismatch" is in the line, so that it looks like this:

smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated

SQL Code:

SELECT users.user_id, users.username, identities.email FROM users LEFT JOIN identities ON (identities.user_id = users.user_id) WHERE users.username <> identities.email;

5

Re: fake identities

k-hussein wrote:

Today I figured out that there are some users in my company abusing the service and sending e-mails with fake identities, thus I disabled the identities in Roundcube.

Dear k-hussein,

If you don't allow this, you should enable 'reject_sender_login_mismatch' in /etc/postfix/main.cf like below:

smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated

This is the default iRedMail setting. Reference: http://www.postfix.org/postconf.5.html# … n_mismatch

If you need some more advanced features, please have a look at our iRedAPD plugin 'reject_sender_login_mismatch':
https://bitbucket.org/zhb/iredapd/src/d … t=default#
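
For the log side of the original question, an added example (not written by any poster in this thread or by the iRedMail project): it pairs each queue ID's `sasl_username=` from smtpd with the `from=<...>` that qmgr logs, and reports authenticated mail whose envelope sender is not the login, which is the condition `reject_sender_login_mismatch` refuses. The log lines are constructed in the usual Postfix syslog layout and `allowed` is a hypothetical allow-list parameter; it assumes the forged address is also used as the envelope sender, so a forgery confined to the From: header does not appear in these lines.

```python
import re

# Constructed sample lines in the usual Postfix syslog layout (not from the thread).
SAMPLE_LOG = """\
Mar  3 10:01:12 mx postfix/smtpd[2101]: 4F1A22C0D1: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=alice@example.com
Mar  3 10:01:12 mx postfix/qmgr[988]: 4F1A22C0D1: from=<ceo@example.com>, size=1822, nrcpt=1 (queue active)
Mar  3 10:02:40 mx postfix/smtpd[2107]: 7B3C92C0D4: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=bob@example.com
Mar  3 10:02:40 mx postfix/qmgr[988]: 7B3C92C0D4: from=<Bob@Example.com>, size=941, nrcpt=2 (queue active)
Mar  3 10:03:05 mx postfix/smtpd[2110]: 9D0E12C0D9: client=unknown[192.0.2.7]
Mar  3 10:03:05 mx postfix/qmgr[988]: 9D0E12C0D9: from=<news@example.org>, size=5120, nrcpt=1 (queue active)
Mar  3 10:04:00 mx postfix/qmgr[988]: 9D0E12C0D9: removed
"""

# "postfix/smtpd[pid]: QUEUEID: rest"; also accepts a service prefix such as postfix/submission/smtpd.
LINE = re.compile(r"postfix/(?:\w+/)?(smtpd|qmgr)\[\d+\]: ([0-9A-Za-z]+): (.*)$")
SASL = re.compile(r"sasl_username=([^,\s]+)")
FROM = re.compile(r"from=<([^>]*)>")

def find_mismatches(lines, allowed=None):
    """Return (queue_id, login, envelope_sender) for authenticated mail whose
    envelope sender differs from the SASL login. `allowed` (hypothetical) maps a
    lowercase login to extra addresses it may send as (aliases, shared mailboxes)."""
    allowed = allowed or {}
    login_by_qid = {}
    hits = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd":
            s = SASL.search(rest)
            if s:  # only authenticated submissions are tracked
                login_by_qid[qid] = s.group(1).lower()
            continue
        f = FROM.search(rest)
        login = login_by_qid.get(qid)
        if f and login:
            sender = f.group(1).lower()
            ok = {login} | {a.lower() for a in allowed.get(login, ())}
            if sender and sender not in ok:  # empty sender is a bounce, skip it
                hits.append((qid, login, sender))
            login_by_qid.pop(qid, None)  # queue IDs get reused; report each message once
    return hits

if __name__ == "__main__":
    for qid, login, sender in find_mismatches(SAMPLE_LOG.splitlines()):
        print(f"{qid}: login {login} sent as {sender}")
```
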

6

Re: fake identities

7t3chguy,
Thanks so much, the command worked like a charm.

Zhang,
Yes, I did it in Postfix and disabled it.
Thanks again for your support.