It looks like I have a couple of compromised user accounts on one of the domains on this server. I've changed the user password, then even deleted the user (through postfixadmin), but that didn't help. I can see this in the log:

Oct 8 00:27:57 emu postfix/smtpd[7655]: 87E6B5E791: client=unknown[104.200.78.121], sasl_method=LOGIN, sasl_username=c...@dom.org.au
Oct 8 00:27:58 emu postfix/smtpd[7678]: 645845FCCE: client=unknown[104.200.78.121], sasl_method=LOGIN, sasl_username=b...@dom.org.au
Oct 8 00:28:02 emu postfix/smtpd[7678]: 3F6925FB48: client=unknown[104.200.78.121], sasl_method=LOGIN, sasl_username=b...@dom.org.au
Oct 8 00:28:02 emu postfix/smtpd[7655]: 56C165FD24: client=unknown[104.200.78.121], sasl_method=LOGIN, sasl_username=c...@dom.org.au

I've also tried adding this to main.cf: "check_sasl_access hash:/etc/postfix/sasl_access"

smtpd_recipient_restrictions =
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    check_policy_service inet:127.0.0.1:7777,
    permit_mynetworks,
    check_sasl_access hash:/etc/postfix/sasl_access
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/recipient_no_checks,
    check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
    check_helo_access hash:/etc/postfix/helo_checks,
    check_sender_access hash:/etc/postfix/sender_checks,
    check_client_access hash:/etc/postfix/client_checks,
    check_client_access pcre:/etc/postfix/client_checks.pcre,
    reject_rbl_client zen.spamhaus.org,
    reject_rhsbl_client dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org,
    reject_rbl_client psbl.surriel.com,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    check_policy_service inet:127.0.0.1:10031

# cat /etc/postfix/sasl_access
cas HOLD
bank HOLD
cas...@dom.org.au HOLD
bankst...@dom.org.au HOLD

But I see new log entries all the time. What do I need to do?

Thanks
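
Added example, not part of the original post: a small log triage script that reads smtpd lines in the format quoted above and reports which sasl_username values were still accepted after a credential change, and from which client IPs. The sample lines, the example.org accounts, the 203.0.113.x addresses, the change time and the year are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# smtpd line format as quoted in the post: queue id, client, sasl_method, sasl_username
SASL_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+postfix/smtpd\[\d+\]:\s+"
    r"(?P<qid>[0-9A-F]+):\s+client=[^\[]*\[(?P<ip>[^\]]+)\],\s+"
    r"sasl_method=(?P<method>\S+),\s+sasl_username=(?P<user>\S+)"
)

def parse_ts(ts, year):
    # Syslog timestamps carry no year; the caller supplies one (assumption).
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")

def sasl_activity(lines, changed_at, year):
    """Per sasl_username: messages queued before/after changed_at, and client IPs."""
    stats = defaultdict(lambda: {"before": 0, "after": 0, "ips": Counter()})
    for line in lines:
        m = SASL_LINE.match(line.strip())
        if not m:
            continue  # not an authenticated-submission line
        rec = stats[m["user"]]
        when = "after" if parse_ts(m["ts"], year) >= changed_at else "before"
        rec[when] += 1
        rec["ips"][m["ip"]] += 1
    return dict(stats)

def still_authenticating(stats):
    """Usernames with authenticated submissions after the credential change."""
    return sorted(u for u, r in stats.items() if r["after"] > 0)

# Constructed sample lines (documentation IP range, example.org accounts)
SAMPLE = [
    "Oct  8 00:27:57 mx postfix/smtpd[7655]: 87E6B5E791: client=unknown[203.0.113.10], sasl_method=LOGIN, sasl_username=alice@example.org",
    "Oct  8 00:28:02 mx postfix/smtpd[7678]: 3F6925FB48: client=unknown[203.0.113.10], sasl_method=LOGIN, sasl_username=bob@example.org",
    "Oct  8 00:41:13 mx postfix/smtpd[7701]: A1B2C3D4E5: client=unknown[203.0.113.10], sasl_method=LOGIN, sasl_username=alice@example.org",
    "Oct  8 00:41:15 mx postfix/smtpd[7702]: 0F1E2D3C4B: client=unknown[203.0.113.11], sasl_method=LOGIN, sasl_username=alice@example.org",
    "Oct  8 00:41:20 mx postfix/smtpd[7701]: connect from unknown[203.0.113.10]",
]
CHANGED_AT = datetime(2024, 10, 8, 0, 30, 0)  # constructed: time of the password change

if __name__ == "__main__":
    stats = sasl_activity(SAMPLE, CHANGED_AT, 2024)
    for user in still_authenticating(stats):
        print(user, stats[user]["after"], dict(stats[user]["ips"]))
```

A username listed by still_authenticating() means smtpd queued mail from a session that authenticated as that user after the given time.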