On Sun, 24 Aug 2014 16:06:36 +0000 Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > Postfix 2.11 or later has a new feature: > > http://www.postfix.org/postconf.5.html#check_sasl_access > > If your relay restrictions look like: > > main.cf: > indexed = ${default_database_type}:${config_directory}/ > smtpd_relay_restrictions = > check_sasl_access ${indexed}sasl-access, > permit_sasl_authenticated, > permit_mynetworks, > reject_unauth_destination > > (before any user account is compromised), then once an account > is hijacked: > > sasl-access: > lu...@example.com REJECT 5.7.1 Your login is compromised.
This is a particularly good solution as it allows the user to continue receiving email so that you can send them them a message explaining exactly what the problem is. -- D'Arcy J.M. Cain System Administrator, Vex.Net http://www.Vex.Net/ IM:da...@vex.net VoIP: sip:da...@vex.net
