Oops. Didn’t reply to the list. ☹

Hope this will help you a bit:

http://www.linuxquestions.org/questions/linux-security-4/how-to-postfix-disable-relay-forwarding-mail-security-redhat-5-1-a-643331/


From: [email protected] [mailto:[email protected]] 
On Behalf Of Steven Kiehl
Sent: Sunday, January 10, 2016 7:21 PM
To: [email protected]
Subject: Problem with XFORWARD relay hack

Good evening,

I've had no trouble solving my issues with my postfix/dovecot setup with 
manpages and the like before, but this new issue has me subscribing to the 
mailing list because this is urgent.  I've been the victim of an XFORWARD relay 
hack of sorts on my postfix server.  I'm not sure how many messages got 
through, but they all sent from a domain that I web service but don't mail 
service.

Essentially, someone found a way to connect to my server, sent an XFORWARD 
SOURCE=LOCAL command, and attempted to send thousands of messages via relay one 
after another with a reset command after each message was completed, so they 
could maintain the connection.  My problem is that I don't have any XFORWARD 
settings defined in my config and I can't find anything that would normally 
authorize or deauthorize these commands.

I deleted over 47000 messages stuck in queue after I'm pretty sure I've been 
blocked by all major mailing services.

How do I disable XFORWARD in a postfix/dovecot setup?
