just out of curiosity: wouldn't this also block legitimate users who use a third party mailserver on port 25?
Am 24. Mai 2015 13:23:01 MESZ, schrieb Christos Chatzaras <ch...@cretaforce.gr>: >Thank you everyone for the replies. I think I found the problem. The >spambot (uploaded by hacked websites) does direct connections to port >25 to other mail providers. That's why I don't see any logs for >outgoing e-mails but I get backscatter from hotmail and other >providers. I will try to use the firewall to allow only outgoing >connections to port 25 from postfix's uid and not from other user >accounts. I think this will fix the issue.
