On 1/11/2010 1:27 PM, Damian Rivas wrote: > Hello everyone, > > I have a Postfix box basically configured to send mail from my organization > to the Internet. Today I received a warning message telling me that the mail > queue was full. > > It seems that some Spammer is using my server as an Open Relay, so I used the > "check_sender_access" function to only allow my domains to send mail to the > outside, but it is not working and I don't know what to do, perhaps you can > give me some tips. > >
check_sender_access is not the right tool IMO. Saying OK in the wrong place will make you an even bigger open relay. Anyone could easily say they were "MAIL FROM" your domain with a simple telnet or script. What you really want is to enable SASL and tell your users to utilize it to provide extra security while minimizing risk. Bad/common passwords can still be guessed by spammers See http://www.postfix.org/SASL_README.html for details.
