Gerardo Herzig wrote:
> Victor Duchovni wrote:
>
>> On Thu, Dec 11, 2008 at 02:32:52PM -0300, Gerardo Herzig wrote:
>>
>>> Hi all. I'm facing an ugly situation. Some spammer is using the webmail to
>>> send spam. The thing is, he's using an actual account/password (from my
>>> server) to authenticate against the webmail, and then sending mail from
>>> "UK LOTTO <i...@uklotto.com>"...crap!!
>>>
>>> Since I have
>>> smtpd_recipient_restrictions = permit_sasl_authenticated,
>>> permit_mynetworks, reject_unauth_destination
>>>
>>> This dude is authenticated, so...what can I do? Can't I restrict or check
>>> the address which is sending and forbid those which are not of my domain?
>>>
>> Change the password for the compromised account. Or do you offer free
>> sign-up?
>>
>
> Well, yes, that's an option. But seems like a partial solution. About the
> postfix configuration: Is there anything I can do to avoid an account
> @uklotto (or whatever is not my domain) send mail through my server? Crap,
> I feel not :(
>
Really the only thing that can be done on the postfix side is to implement smtpd_sender_login_maps and reject_authenticated_sender_login_mismatch (or similar). This is a matter of policy as any matches with invalid results will be rejected.

See http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps and http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions.

Fight spam through trusted sources since MAIL FROM is easily forged and will block legitimate mail.

Note: just remember the first restriction wins. If you want this to work, it must come before permit_sasl_authenticated.

Brian
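A simplified Python model of how the restriction list from the thread behaves with and without the sender/login check, and why its position matters. It is an added illustration, not Postfix code and not code from the thread. The logins, addresses and map contents are constructed, and the model omits Postfix's bare-`user` lookup step.

```python
# Simplified model of Postfix restriction evaluation (illustration only).
# All logins, addresses and map entries below are constructed sample values.

# Stand-in for an smtpd_sender_login_maps table:
# MAIL FROM address (or @domain key) -> SASL logins allowed to use it.
SENDER_LOGIN_MAP = {
    "alice@example.com": {"alice"},
    "sales@example.com": {"alice", "bob"},
}

def owners(sender):
    """Look up user@domain first, then the @domain key."""
    domain = "@" + sender.rpartition("@")[2]
    return SENDER_LOGIN_MAP.get(sender) or SENDER_LOGIN_MAP.get(domain) or set()

def evaluate(restrictions, sasl_login, sender, rcpt_is_local, in_mynetworks=False):
    """Walk the list left to right; the first restriction that decides wins."""
    for name in (r.strip() for r in restrictions.split(",")):
        if name == "reject_authenticated_sender_login_mismatch":
            # Applies to authenticated clients only: login must own MAIL FROM.
            if sasl_login and sasl_login not in owners(sender):
                return "REJECT"
        elif name == "permit_sasl_authenticated":
            if sasl_login:
                return "PERMIT"
        elif name == "permit_mynetworks":
            if in_mynetworks:
                return "PERMIT"
        elif name == "reject_unauth_destination":
            if not rcpt_is_local:
                return "REJECT"
    return "PERMIT"  # end of list reached without a decision

# The list quoted in the thread: any authenticated login may use any sender.
ORIGINAL = "permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination"
# The mismatch check placed first, as the reply advises.
HARDENED = "reject_authenticated_sender_login_mismatch, " + ORIGINAL
# The check placed after permit_sasl_authenticated: it is never reached.
MISORDERED = ("permit_sasl_authenticated, "
              "reject_authenticated_sender_login_mismatch, "
              "permit_mynetworks, reject_unauth_destination")

if __name__ == "__main__":
    forged = "lotto@spam.example"  # constructed foreign sender address
    for label, rules in (("original", ORIGINAL), ("hardened", HARDENED),
                         ("misordered", MISORDERED)):
        print(label, evaluate(rules, "alice", forged, rcpt_is_local=False))
```

Unauthenticated inbound mail to local recipients is unaffected by the check, since it applies only when a SASL login is present.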