You can use master.cf and a firewall to ensure that SASL authentication is disabled (e.g. no relaying allowed) if the user is not from a valid IP range. E.g., for the port 25 server, you disable SASL authentication. If you have "permit_sasl_authenticated" in your relay security settings, then it will completely disable relaying for the port 25 server. Then for the port 587 server (submission) that still has SASL enabled, you add a firewall rule topmost, that is, let's say your authenticated users mail from 80.216.0.0/16, then add a rule as follows:
Source: NOT 80.216.0.0/16
Source port: Any
Target: Your server IP
Target port: 587
Action: Drop

Then it will easily weed out all pass-cracking spambots; they won't even be able to connect. The above suggestion will enforce that your server BOTH requires a correct username/password *AND* that the user is coming from an authorized source IP.
However, remember to tell your users that they will no longer be able to send email while they are not on your premises/authorized locations. The users will however be able to receive email as before, so they can easily use a private gmail/hotmail account to reply to email that they get while off-premises.
-----Original Message-----
From: Christos Chatzaras
Sent: Sunday, May 24, 2015 12:32 PM
To: postfix-users@postfix.org
Subject: problem with spam

My server with IP 178.63.64.86 is blacklisted at http://cbl.abuseat.org for stealrat spambot. My mail server is configured to send only e-mail from authenticated users. Also local users (from shell) can't send e-mail, and the mail() PHP function is disabled too. I got this e-mail from Hotmail ( http://pastebin.com/raw.php?i=D6fFDUYH ) that shows that my mail server sent e-mail from marcella_sha...@akrogiali-restaurant.gr to sir...@hotmail.com , but in the logs there is no entry that e-mail was sent to sir...@hotmail.com . Any idea what may be the problem?
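The setup suggested in the reply above, as an added example that is not part of the original thread: a Python check that parses a master.cf, confirms SASL is off for the port 25 service and on for submission, and evaluates a client address against the 80.216.0.0/16 rule. The sample master.cf, the function names and the client addresses are constructed for illustration, and only the `-o name=value` override form is handled.

```python
import ipaddress

# Constructed sample master.cf (not from the thread): SASL disabled on the
# port 25 listener, enabled on submission (587), as the reply describes.
SAMPLE_MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command + args
smtp       inet  n       -      n      -      -       smtpd
  -o smtpd_sasl_auth_enable=no
submission inet  n       -      n      -      -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_security_level=encrypt
"""

def parse_master_cf(text):
    """Return {"service/type": {option: value}} from each entry's -o overrides."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        fields = raw.split()
        if not raw[0].isspace():           # new entry: 7 columns, then command
            if len(fields) < 8:
                current = None             # malformed entry, ignore it
                continue
            current = services.setdefault(f"{fields[0]}/{fields[1]}", {})
            fields = fields[8:]            # keep only the command arguments
        if current is None:
            continue                       # continuation line with no entry
        for i, tok in enumerate(fields):
            if tok == "-o" and i + 1 < len(fields) and "=" in fields[i + 1]:
                key, _, value = fields[i + 1].partition("=")
                current[key] = value
    return services

def audit(master_cf, allowed_cidr, client_ip):
    """Check the two-layer setup: master.cf overrides plus the source-IP rule."""
    svc = parse_master_cf(master_cf)
    # No explicit override means the main.cf value applies, so it is
    # reported here as not confirmed (False).
    opt = "smtpd_sasl_auth_enable"
    in_range = ipaddress.ip_address(client_ip) in ipaddress.ip_network(allowed_cidr)
    return {
        "port25_sasl_disabled": svc.get("smtp/inet", {}).get(opt) == "no",
        "submission_sasl_enabled": svc.get("submission/inet", {}).get(opt) == "yes",
        "firewall_allows_587": in_range,   # False = dropped before any login
    }

if __name__ == "__main__":
    print(audit(SAMPLE_MASTER_CF, "80.216.0.0/16", "80.216.10.5"))
```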