Gerardo Herzig a écrit :
> Victor Duchovni wrote:
>> On Thu, Dec 11, 2008 at 02:32:52PM -0300, Gerardo Herzig wrote:
>>
>>> Hi all. Im facing a ugly situation. Some spammer is using the webmail to
>>> send spam. The thing is, hes using an actual account/password (from my
>>> server)to authenticate agains the webmail, and then sending mail from
>>> "UK LOTTO <i...@uklotto.com>"...crap!!
>>>
>>> Since i have
>>> smtpd_recipient_restrictions = permit_sasl_authenticated,
>>> permit_mynetworks, reject_unauth_destination
>>>
>>> This dude is authenticated, so...what can i do? Cant i restrict or check
>>> the address which is sending and forbidde those which are not of my domain?
>> Change the password for the compromised account. Or do you offer free
>> sign-up?
>>
>
> Well, yes, that an option. But seems like a partial solution. About the
> postfix configuration: There is anything i can do to avoid an account
> @uklotto (or whatever is not my domain) send mail trough my server? Crap
> i feel not :(
>
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/mysenders
reject_unauth_destination
...
== mysenders:
example.com OK
Note that this works for the envelope sender, not the From: or reply-To:
headers.
