Redirect mails to a phishing account to admin account

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Redirect mails to a phishing account to admin account

Rajkumar S-3
Hi,

Is there any way to redirect all mails to a phishing account
[hidden email] to one of our admin accounts. The idea
 is  the even if users fall for a targeted phishing attack, the mails
should come to us rather than to phisher. Yes, we did have a targeted
phishing attack and some of our users sent their passwords to this
account.

Postfix is configured as an outgoing smtp server. postconf -n is

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_size_limit = 102400
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
message_size_limit = 15728640
mydestination = $myhostname
myhostname = postfix.in.mydomain.com
mynetworks = 127.0.0.0/8
myorigin = $mydomain
smtp_generic_maps = hash:/etc/postfix/generic_maps
smtpd_recipient_restrictions = reject_unknown_sender_domain,
reject_non_fqdn_sender,        permit_mynetworks,
permit_sasl_authenticated,
 reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
virtual_transport = dovecot

raj
Reply | Threaded
Open this post in threaded view
|

Re: Redirect mails to a phishing account to admin account

Wietse Venema
Rajkumar S:
> Hi,
>
> Is there any way to redirect all mails to a phishing account
> [hidden email] to one of our admin accounts. The idea
>  is  the even if users fall for a targeted phishing attack, the mails
> should come to us rather than to phisher. Yes, we did have a targeted
> phishing attack and some of our users sent their passwords to this
> account.

/etc/postfix/main.cf
    virtual_alias_maps = hash:/etc/postfix/virtual

/etc/postfix/virtual:
    [hidden email] [hidden email]

DO NOT LIST THE PHISHER DOMAIN IN virtual_alias_domains.

        Wietse