> We don't have any legitimate users sending mail aside from scripts on > the server (linux), only mail from localhost, anyone with an email > address is listed in the virtual file and has their email forwarded to > a gmail and uses gmail's MTA to send mail. > > Since we have all the email addresses we accept mail for in a file > (/etc/postfix/virtual) I was hoping there was some way to check a) is > the mail from the localhost OR is the mail for an address in some > file. My understanding is you can make a list of email addresses > that you will deliver to like a whitelist, but we also send mail from > scripts to outside addresses of which we don't alway know beforehand. > > I don't think I am running an open relay, I've tested it on a couple > of sites came back clean. I come from 20 years of sendmail, which has > a completely different system and we were using pop authorization, > until people had their password compromised and spammers took over. > > I am sure some of this is trojans so the amavisd seems like a solid > tool to have anyway. > > Thanks guys, > David
So in short, all email is originating from scripts on your local system? These wouldn't be web mail postings by chance, would they?
