On 1/11/2010 1:11 PM, Brian Evans - Postfix List wrote:
On 1/11/2010 1:27 PM, Damian Rivas wrote:
Hello everyone,
I have a Postfix box basically configured to send mail from my organization to
the Internet. Today I received a warning message telling me that the mail queue
was full.
It seems that some Spammer is using my server as an Open Relay, so I used the
"check_sender_access" function to only allow my domains to send mail to the
outside, but it is not working and I don't know what to do, perhaps you can give me some
tips.
check_sender_access is not the right tool IMO.
Saying OK in the wrong place will make you an even bigger open relay.
Anyone could easily say they were "MAIL FROM" your domain with a simple
telnet or script.
The OK in smtpd_sender_restrictions is fine, but probably
doesn't address the real problem.
At any rate, it would prevent the MTA from receiving any
outside mail. That's OK if this is a outbound-only relay.
What you really want is to enable SASL and tell your users to utilize it
to provide extra security while minimizing risk.
Bad/common passwords can still be guessed by spammers
See http://www.postfix.org/SASL_README.html for details.
While SASL is generally a good idea, it probably doesn't
address the problem.
-- Noel Jones
