"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
Sophos recommends enabling the MTA-level IP Blocker as part of an overall strategy to optimize PureMessage performance. If you want to authenticate connections using SMTP-AUTH while MTA-level blocking is enabled, you must modify PureMessage Postfix (SMTP-AUTH is not supported for external Postfix installations nor for any version of sendmail).
When configured as described below, your system permits access for any IP address contained in the $mynetworks parameter, and then checks to see if it's an authenticated connection. If authentication is successful, messages are delivered without further testing. If authentication fails, messages are passed along to the MTA IP Blocker to begin testing.
Since SMTP-AUTH alone is not secure (it sends usernames and passwords over the internet in plain text format), it is recommended that you use SMTP-AUTH in conjunction with Transport Layer Security (TLS), so that this information is encrypted.
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,ignore_policy_error, check_policy_service inet:localhost:4466
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,
ignore_policy_error, check_policy_service inet:localhost:4466
The contents of the entry must be in exactly the order that is shown above.
Add the following lines to main.cf to enable SASL authentication:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = PathToServerCertificateFile
smtpd_tls_key_file = PathToPrivateKeyFile
smtpd_use_tls = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:PathToSessionCacheFile
smtp_tls_session_cache_database = btree:PathToSessionCacheFile
For details about any of these settings, see the "Postfix Configuration Parameters" documentation on the Postfix website.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.