Am 07.02.2013 09:18, schrieb Simon Walter: > On 02/07/2013 04:51 PM, Robert Schetterer wrote: >> Am 07.02.2013 07:20, schrieb (HT) Simon Walter: >>> Hi all, >>> >>> I have the situation where a spammer knows the username and password of >>> an account and is sending spam via that account. I can change the >>> password, however, this account is shared amongst many users and I'd >>> rather not ask all the users to change their password. (Computer >>> literacy is becoming a rare quality these days ;)) >>> >>> Our postfix server is behind a firewall. So the spammer always connects >>> via the gateway. >> so you have to reject it on the gateway, if no need for anyone else >> to use the account from outside >> >> sender_restrictions via access table may enough >> >> http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions >> >> somewhere before sasl permit etc >> and/or use smtpd_restriction_classes to combine >> >> if no external mail from outside is wanted for this account >> i.e delete it from relay_recipients, so mail will always bounce from >> outside >> >> for better help show the gateway main.cf >> >> rejecting via ip may not very usefull, cause ips may change >> >> > > The LAN gateway (NAT) - nothing to do with email. So in this case, the > IP address (10.1.1.1) will not change.
so you do smtp forward etc ? > > Of course mail is wanted for this account and it is not received by this > server. That's another server all together. However, this user need not > send mail from outside the LAN. > > Does that make sense? not very much , prime is solving the security leak investing time in workaround this ,is more or less loose > for better advice show postfix config and logs, for future problems like this , install a real postfix gateway outside nat i.e in your dmz or at some isp etc Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
