mouss wrote: > Gerardo Herzig a écrit : >> Victor Duchovni wrote: >>> On Thu, Dec 11, 2008 at 02:32:52PM -0300, Gerardo Herzig wrote: >>> >>>> Hi all. Im facing a ugly situation. Some spammer is using the webmail to >>>> send spam. The thing is, hes using an actual account/password (from my >>>> server)to authenticate agains the webmail, and then sending mail from >>>> "UK LOTTO <i...@uklotto.com>"...crap!! >>>> >>>> Since i have >>>> smtpd_recipient_restrictions = permit_sasl_authenticated, >>>> permit_mynetworks, reject_unauth_destination >>>> >>>> This dude is authenticated, so...what can i do? Cant i restrict or check >>>> the address which is sending and forbidde those which are not of my domain? >>> Change the password for the compromised account. Or do you offer free >>> sign-up? >>> >> Well, yes, that an option. But seems like a partial solution. About the >> postfix configuration: There is anything i can do to avoid an account >> @uklotto (or whatever is not my domain) send mail trough my server? Crap >> i feel not :( >> > > smtpd_sender_restrictions = > check_sender_access hash:/etc/postfix/mysenders > reject_unauth_destination > ... > > > == mysenders: > example.com OK > > Note that this works for the envelope sender, not the From: or reply-To: > headers. > > Oh, that sounds good to me! Thanks mouss!
Gerardo
