Hi, We don't have any legitimate users sending mail aside from scripts on the server (linux), only mail from localhost, anyone with an email address is listed in the virtual file and has their email forwarded to a gmail and uses gmail's MTA to send mail.
Since we have all the email addresses we accept mail for in a file (/etc/postfix/virtual) I was hoping there was some way to check a) is the mail from the localhost OR is the mail for an address in some file. My understanding is you can make a list of email addresses that you will deliver to like a whitelist, but we also send mail from scripts to outside addresses of which we don't alway know beforehand. I don't think I am running an open relay, I've tested it on a couple of sites came back clean. I come from 20 years of sendmail, which has a completely different system and we were using pop authorization, until people had their password compromised and spammers took over. I am sure some of this is trojans so the amavisd seems like a solid tool to have anyway. Thanks guys, David On Tue, May 4, 2010 at 1:49 AM, Gary Smith <gary.sm...@holdstead.com> wrote: >> > I tried to make a CIDR file with most of the 3rd world in it, some >> > 30,000 ips but for some reason it doesn't seem to have the effect I >> > was hoping for. >> > Any ideas would be helpful, thanks.David >> >> Add amavisd to your postfix. > > If they are relaying messages through their server, how is amavisd going to > help? Some additional configuration details might be useful. Are the users > authenticated? If so, which user is sending the email? It actually sounds > like an open relay issue. But I'm just guessing here. >
