Jaap Westerbeek wrote:
Hi All,
Lately some spammer has been able to relay spam through my server.
I think they use a valid (hacked) account and then rewrite the sender
e-mail address.
My setup is :
Debian Etch server
postfix-mysql 2.3.8-2+etch1
amavisd-new-2.6.1
spamassassin
cyrus imap server (on a separate box)
mysql-server 5.0.32-7etch6
I use web-cyradm to create users and domains
I see two possibilities to stop the spammer :
1) I'd like to set up mysql proxy maps so that either the sender OR
the recipient match a valid user in the mysql DB.
If none match, it should reject the mail.
2) Rewriting the sender address should not be possible
The server hosts about 30 domains and has like 2000 active users.
I don't know exactly how to write the mysql proxymaps, and I am not
sure if disabling the rewriting feature is at all possible.
If you need more info or configs to help me , please let me know
Regards,
Jaap Westerbeek
------------------------------------------------------------------------
I am using the Free version of SPAMfighter
<http://www.spamfighter.com/len>
We are a community of 5.5 million users fighting spam.
SPAMfighter has removed 865 of my spam emails to date.
The Professional version does not have this message
How do you know it is a hacked account and not a hacked server? I think
as Wietse suggests, you find out how they did this otherwise your server
is compromised and it won't matter what new schema you come up with
using mysql.
Randy Ramsdell
