On Thu, October 8, 2015 12:54 am, nico...@devels.es wrote: Nicolás, thanks
> Is 104.200.78.121 listed in your $permit_mynetworks parameter, or a CIDR > that contains it? no # grep 104.200 main.cf # > Did you postmap /etc/postfix/sasl_access? yes > Did you try c...@dom.org.au as entry? > Did you try cas@ as entry? how to do that ? > El 2015-10-07 14:47, Voytek escribió: > >> On Thu, October 8, 2015 12:42 am, Viktor Dukhovni wrote: >> >>> On Thu, Oct 08, 2015 at 12:34:25AM +1100, Voytek wrote: >>> >>> >>> >>>> it looks like I have a couple of compromised user accounts on one >>>> of the domains on this server, I've changed the user password then >>>> even deleted the user (through postfixadmin) but that didn't help..? >>>> I can >>>> see in the log this: >>>> >>>> Oct 8 00:27:57 emu postfix/smtpd[7655]: 87E6B5E791: >>>> client=unknown[104.200.78.121], sasl_method=LOGIN, >>>> sasl_username=c...@dom.org.au Oct 8 00:27:58 emu >>>> postfix/smtpd[7678]: >>>> 645845FCCE: >>>> client=unknown[104.200.78.121], sasl_method=LOGIN, >>>> sasl_username=b...@dom.org.au >>>> >>>> I've also tried adding to main.cf this "check_sasl_access >>>> hash:/etc/postfix/sasl_access" >>>> >>>> >>>> >>>> # cat /etc/postfix/sasl_access >>>> cas HOLD bank HOLD cas...@dom.org.au HOLD bankst...@dom.org.au HOLD >>> >>> Notice that the logs say "c...@dom.org.com", but you're not blocking >>> that exact authentication name. >>> >> Viktor, >> >> >> sorry, attempted to anonymize email addresses, BUT, overlooked the last >> two, only annoymized domains in the last two >> >> in the /etc/postfix/sasl_access names are correct, >> >> I've used both with and without domain >> >> >> V >> >
