On 17/10/2012 22:41, Thomas E Lackey wrote:
> I am looking into a system where one of the [virtual] mail accounts was
> compromised.
>
> Apparently the account, once compromised, was used to send spam from
> overseas hosts. Since the company has no overseas users, they asked if
> it were possible to block outbound/relaying activity from all non-US IP
> addresses, even from authenticated accounts, while still allowing
> inbound SMTP from non-US IPs. And, of course, they would like to retain
> sending from US IPs from authenticated accounts.
>
> I am pretty familiar with Postfix, but this combination has me
> scratching my head. Is it doable?
>
well, there is no reliable list of "this is here" IPs.

you can try
http://countries.nerd.dk/more.html

you can also try GeoIP.

these will give you lists of IPs that you could add to your firewall rules.

however, both are "best effort" things. and really, you should only look at this once you analyzed the situation for more "neutral" approaches, such as: mail submission should require authentication. this does not solve all problems, but if your authentication is compromised, then you have other problems...
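
An added example, not part of the original thread: since country lists are best effort, one way to gauge their effect before writing firewall rules is to audit the Postfix log for SASL-authenticated clients whose IP falls outside the allowed ranges. The CIDR ranges, log lines and function names below are constructed for illustration; a real list would come from GeoIP or a zone such as countries.nerd.dk.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed stand-in for an exported country list (documentation prefixes,
# not real US allocations).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:1::/48")]

# Postfix smtpd logs "client=host[ip], sasl_method=..., sasl_username=..." for
# each authenticated message; unauthenticated inbound mail has no sasl_username.
AUTH_LINE = re.compile(
    r"postfix/\S*smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"client=(?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]"
    r".*?sasl_username=(?P<user>\S+)"
)

# Constructed sample log lines.
SAMPLE_LOG = [
    "Oct 17 21:02:11 mx postfix/smtpd[2101]: 3F2A91C0: client=host1.example.net[192.0.2.15], sasl_method=PLAIN, sasl_username=alice@example.com",
    "Oct 17 21:04:40 mx postfix/smtpd[2107]: 7B11D2E4: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=bob@example.com",
    "Oct 17 21:04:52 mx postfix/smtpd[2107]: 7C90A2E9: client=unknown[203.0.113.77], sasl_method=LOGIN, sasl_username=bob@example.com",
    "Oct 17 21:05:03 mx postfix/smtpd[2110]: 81AA03F1: client=mx.example.org[203.0.113.9]",
    "Oct 17 21:06:00 mx postfix/submission/smtpd[2115]: 9D00BC12: client=unknown[2001:db8:1::25], sasl_method=PLAIN, sasl_username=carol@example.com",
]

def in_allowed(ip_text):
    """True if the address falls inside any allowed network."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip.version == net.version and ip in net for net in ALLOWED_NETS)

def audit(lines):
    """Map each SASL username to the sorted out-of-range IPs it sent from."""
    hits = defaultdict(set)
    for line in lines:
        m = AUTH_LINE.search(line)
        if not m:
            continue  # not an authenticated client line (e.g. inbound MX traffic)
        try:
            outside = not in_allowed(m["ip"])
        except ValueError:
            continue  # malformed address in the log; skip rather than guess
        if outside:
            hits[m["user"]].add(m["ip"])
    return {user: sorted(ips) for user, ips in hits.items()}

if __name__ == "__main__":
    for user, ips in audit(SAMPLE_LOG).items():
        print(f"{user}: authenticated from outside allowed ranges: {', '.join(ips)}")
```

Running this over historical logs shows which legitimate users a country block would cut off and which accounts are already authenticating from unexpected networks.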