Op 22-10-16 om 21:12 schreef Noel Jones: > On 10/22/2016 1:30 PM, Paul Schmehl wrote: > >> He's clearly doing something very clever that is not the usual brute >> force cram-it-down-your-throat spam run. > > No evidence has been presented that this is anything other than the > usual leaked-credentials account hijacking. Any confusion is due to > a lack of information.
The "Authenticated sender" does not excist as a user account. It is an correct e-mail address, but not an user account with what you can authenticate. > Postfix logs the sasl username presented by the spammer. Hopefully > the sasl backend logging will show why this name is unexpectedly > accepted, and is almost certainly not a bug or exploit. I will look for a sasl backend logging method. The spammers are still trying. Every time from another IP, so I cannot log on a specific IP. With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/
