On Wed, Oct 17, 2012 at 03:41:08PM -0500, Thomas E Lackey wrote:
> I am looking into a system where one of the [virtual] mail accounts
> was compromised.
>
> Apparently the account, once compromised, was used to send spam
> from overseas hosts. Since the company has no overseas users, they
> asked if it were possible to block outbound/relaying activity from
> all non-US IP addresses, even from authenticated accounts, while
> still allowing inbound SMTP from non-US IPs. And, of course, they
> would like to retain sending from US IPs from authenticated
> accounts.
>
> I am pretty familiar with Postfix, but this combination has me
> scratching my head. Is it doable?

Not easily, and there is little reason to think it would be very
effective. If you could compile (or query) a list of the IP address
ranges and use it as check_client_access, you have succeeded with
that part of your goal, but you probably have not accomplished the
real goal.

What about when the ratware is sending from your user's US-based
computer? This issue last came up on this list today, and before
that, yesterday (thanks Jeroen!)

The real answer is rate limiting and content filtering of
authenticated senders.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: