Hi all
Just to clarify some points They are running an IMAP server with SASL login for remote users Regards _____ From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Pawel Lesniak Sent: 04 March 2009 10:32 AM To: postfix users list Subject: Re: Spam attacks W dniu 2009-03-03 23:34, MacShane, Tracy pisze: We have a very clear policy that users are only permitted to relay mail from our networks. If they are sending from home, they use webmail. We've had one or two instances where external organisations have used some kind of auto-reply mechanism which purports to send from our users, but we simply tell them to fix the sender address. We use a sender access map to reject the spurious senders that aren't coming from my_networks. You can use warn_if_reject to test the impact of this measure for a few days or weeks. main.cf ====== smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access # cat /etc/postfix/sender_access ourdomain.com REJECT ourdomain.gov.au REJECT So you too advocate (if I clearly understand you) my point of view, where those "legit mails", which Noel was talking about, are just misconfigurations of others' servers. I believe that we share opinion that restricting own users to sending from my_networks and/or authenticated clients works perfectly to stop getting spam from u...@example.com to u...@example.com. Pawel Lesniak
