On Tue, Nov 11, 2008 at 11:31:38AM -0300, Jaap Westerbeek wrote:
> I changed the order.
>
Note, my money is on "permit_sasl_authenticated" and weak credentials
(like user "test" password "test", ...) or stolen credentials (users
victims of phishing). In which case you really should address that. You
could have overly broad permit rules in the "access_recipient" table
(e.g. "com OK", ...), but this seems somewhat unlikely.
> > smtpd_recipient_restrictions =
> > permit_sasl_authenticated,
> > check_recipient_access hash:/etc/postfix/access_recipient,
>
> There is your open relay. Put it below
>
> > reject_unauth_destination,
If permit_sasl_authenticated is used by legitimate submission
users, who send mail out, it actually needs to stay above
"reject_unauth_destination", but first you need to weed out the
compromised email accounts, which you will find in your logs.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[EMAIL PROTECTED]>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
