That's very possible, and was my first thought too.
There are a few thousand accounts in the DB, and I've only introduced strong
passwords when I started working here (like 1 year ago).

For completeness, let me post some entries from my access_recipient table,
which is made up of some servers in our network, some e-mail addresses that
got blacklisted or seen as spam.

[EMAIL PROTECTED]                       OK
Sparky/RPBG%RPBG@                       OK
Sparky/[EMAIL PROTECTED]              OK
Sparky                                  OK
[EMAIL PROTECTED]       OK
66.178.37.63                            OK
rpbg.com                                OK
[EMAIL PROTECTED]                      OK
automotiveart.com                       OK
[EMAIL PROTECTED]                    OK

Supposing it IS a hacked SASL account, is there any way to stop that
rewriting process? Or to know which account was being abused?
Forcing all users to do a password change is not really an option with so
many accounts.

Jaap


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Tuesday, November 11, 2008 11:40 AM
To: postfix-users@postfix.org
Subject: Re: Spammers abusing my postfix box

On Tue, Nov 11, 2008 at 11:31:38AM -0300, Jaap Westerbeek wrote:

> I changed the order.
> 

Note, my money is on "permit_sasl_authenticated" and weak credentials
(like user "test" password "test", ...) or stolen credentials (users
victims of phishing). In which case you really should address that. You
could have overly broad permit rules in the "access_recipient" table
(e.g. "com OK", ...), but this seems somewhat unlikely.

> > smtpd_recipient_restrictions =
> >         permit_sasl_authenticated,
> >         check_recipient_access hash:/etc/postfix/access_recipient,
> 
> There is your open relay. Put it below
> 
> >         reject_unauth_destination,

If permit_sasl_authenticated is used by legitimate submission
users, who send mail out, it actually needs to stay above
"reject_unauth_destination", but first you need to weed out the
compromised email accounts, which you will find in your logs.

-- 
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.


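One way to answer the question of which account was being abused, following the advice above to look in the logs (an added example, not part of the original thread): tally Postfix smtpd and qmgr log entries per SASL login. The sample log lines are constructed, and the two thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict

# Constructed sample in the usual Postfix syslog layout (not taken from the thread).
SAMPLE_LOG = """\
Nov 11 10:02:11 mx postfix/smtpd[2101]: 4F1A22C0D3: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=test
Nov 11 10:02:11 mx postfix/qmgr[900]: 4F1A22C0D3: from=<a@example.org>, size=2100, nrcpt=50 (queue active)
Nov 11 10:02:40 mx postfix/smtpd[2102]: 5A0B32C0D4: client=unknown[198.51.100.9], sasl_method=LOGIN, sasl_username=test
Nov 11 10:02:40 mx postfix/qmgr[900]: 5A0B32C0D4: from=<b@example.org>, size=2100, nrcpt=50 (queue active)
Nov 11 10:03:05 mx postfix/smtpd[2103]: 6B1C42C0D5: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=test
Nov 11 10:03:05 mx postfix/qmgr[900]: 6B1C42C0D5: from=<c@example.org>, size=2100, nrcpt=50 (queue active)
Nov 11 10:05:00 mx postfix/smtpd[2104]: 7C2D52C0D6: client=pc1.example.com[10.0.0.5], sasl_method=PLAIN, sasl_username=alice
Nov 11 10:05:00 mx postfix/qmgr[900]: 7C2D52C0D6: from=<alice@example.com>, size=900, nrcpt=2 (queue active)
Nov 11 10:15:00 mx postfix/qmgr[900]: 7C2D52C0D6: from=<alice@example.com>, size=900, nrcpt=2 (queue active)
Nov 11 10:06:00 mx postfix/smtpd[2105]: 8D3E62C0D7: client=mail.example.net[192.0.2.80]
"""

SMTPD = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=[^\[]+\[([^\]]+)\].*sasl_username=(\S+)")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

def sasl_usage(log_text):
    """Per SASL login: messages accepted, recipients queued, distinct client IPs."""
    owner = {}  # queue ID -> SASL login that submitted it
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "clients": set()})
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if m:
            qid, ip, user = m.groups()
            owner[qid] = user
            stats[user]["messages"] += 1
            stats[user]["clients"].add(ip)
            continue
        m = QMGR.search(line)
        if m and m.group(1) in owner:
            # pop() so a deferred message that is re-activated is counted once
            stats[owner.pop(m.group(1))]["recipients"] += int(m.group(2))
    return dict(stats)

def suspects(stats, max_rcpts=100, max_clients=2):
    """Logins over either threshold (both values are assumptions; tune per site)."""
    rows = [(u, s["messages"], s["recipients"], len(s["clients"]))
            for u, s in stats.items()
            if s["recipients"] > max_rcpts or len(s["clients"]) > max_clients]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for row in suspects(sasl_usage(SAMPLE_LOG)):
        print("login=%s messages=%d recipients=%d client_ips=%d" % row)
```

A login that sends to many recipients from several unrelated client addresses is the one to lock or reset first, which avoids a password change for every account.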