Guy wrote:
> Hi guys,
> 
> I've got some mail in the queue that's clearly spam. The from address
> is [EMAIL PROTECTED] and the source server is
> "7c.91.5746.static.theplanet.com [70.87.145.124]" The recipient
> addresses are random domains that do not belong to me. The server is
> supposed to be a gateway and outgoing server for our users.
> 
> I've tried telnet to port 25 on the box and get relay access denied
> trying to send to a non local domain (gmail.com). So either my config
> is completely screwed (which is very possible) or I've got a
> compromised user. If it's a compromised user, is it possible for
> postfix to include the authenticated username in the message headers?
>


your logs should tell you whether the transaction was authenticated.
look for sasl_username.

if you want headers to contain submission info, set:

smtpd_sasl_authenticated_header = yes
smtpd_tls_received_header = yes



> [snip]
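
An added example, not part of the original thread: a short Python script that follows the advice above and groups queued messages by the `sasl_username` recorded on Postfix's smtpd `client=` log lines, so mail from the suspect client address can be tied to an account. The sample log lines are constructed (queue IDs, the host `mx` and the user `jdoe` are made up; the client address is the one quoted in the post), and the line layout assumes Postfix's usual `client=..., sasl_method=..., sasl_username=...` logging.

```python
import re
from collections import defaultdict

# Constructed sample log: queue IDs, host "mx" and user "jdoe" are made up.
SAMPLE_LOG = """\
Mar  3 10:15:01 mx postfix/smtpd[2101]: 4F2A1C0D: client=7c.91.5746.static.theplanet.com[70.87.145.124], sasl_method=LOGIN, sasl_username=jdoe
Mar  3 10:15:02 mx postfix/smtpd[2101]: 4F2A1C0E: client=7c.91.5746.static.theplanet.com[70.87.145.124], sasl_method=LOGIN, sasl_username=jdoe
Mar  3 10:16:40 mx postfix/smtpd[2107]: 5A3B2D1F: client=mail.example.org[192.0.2.25]
Mar  3 10:17:00 mx postfix/cleanup[2110]: 5A3B2D1F: message-id=<abc@example.org>
"""

# smtpd logs one "QUEUEID: client=host[ip]" line per accepted message.
# The optional path segment covers a syslog_name such as postfix/submission.
CLIENT_RE = re.compile(
    r"postfix/(?:\w+/)?smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"client=(?P<host>[^\[\s]*)\[(?P<ip>[^\]]+)\]"
)
# Present on the same line only when the session authenticated via SASL.
SASL_RE = re.compile(r"sasl_username=(?P<user>[^,\s]+)")


def submissions_by_user(log_text, client_ip=None):
    """Return {sasl_username or None: [queue IDs]}.

    None collects messages accepted without SASL authentication.
    If client_ip is given, only messages from that address are counted.
    """
    result = defaultdict(list)
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if not m:
            continue
        if client_ip and m.group("ip") != client_ip:
            continue
        sasl = SASL_RE.search(line, m.end())
        user = sasl.group("user") if sasl else None
        result[user].append(m.group("qid"))
    return dict(result)


if __name__ == "__main__":
    for user, qids in submissions_by_user(SAMPLE_LOG, "70.87.145.124").items():
        label = user or "(not authenticated)"
        print(f"{label}: {len(qids)} message(s): {', '.join(qids)}")
```
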
