Gerardo Herzig wrote, at 12/11/2008 12:32 PM:
> Hi all. Im facing a ugly situation. Some spammer is using the webmail to
>  send spam. The thing is, hes using an actual account/password (from my
> server)to authenticate agains the webmail, and then sending mail from
> "UK LOTTO <i...@uklotto.com>"...crap!!
> 
> Since i have
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination
> 
> This dude is authenticated, so...what can i do? Cant i restrict or check
> the address which is sending and forbidde those which are not of my domain?

This seems easy: Simply reset the password.

If it was stolen, notify the original user immediately and explain what
happened. Some users share login credentials among multiple accounts, so
they deserve to know in order to change the password everywhere it is
used. They may also need to fix a compromised machine or be educated on
phishing attacks.

If it's a user that is doing the spamming, delete their account.

Reply via email to