Is 104.200.78.121 listed in your $permit_mynetworks parameter, or a CIDR that contains it?
Did you postmap /etc/postfix/sasl_access?
Did you try c...@dom.org.au as entry?
Did you try cas@ as entry?

Regards,

Nicolás

On 2015-10-07 14:47, Voytek wrote:
On Thu, October 8, 2015 12:42 am, Viktor Dukhovni wrote:
On Thu, Oct 08, 2015 at 12:34:25AM +1100, Voytek wrote:


it looks like I have a couple of compromised user accounts on one of
the domains on this server, I've changed the user password then even
deleted the user (through postfixadmin) but that didn't help..? I can
see in the log this:

Oct  8 00:27:57 emu postfix/smtpd[7655]: 87E6B5E791: client=unknown[104.200.78.121], sasl_method=LOGIN, sasl_username=c...@dom.org.au
Oct  8 00:27:58 emu postfix/smtpd[7678]: 645845FCCE: client=unknown[104.200.78.121], sasl_method=LOGIN, sasl_username=b...@dom.org.au

I've also tried adding to main.cf this "check_sasl_access
hash:/etc/postfix/sasl_access"


# cat /etc/postfix/sasl_access
cas HOLD
bank HOLD
cas...@dom.org.au HOLD
bankst...@dom.org.au HOLD

Notice that the logs say "c...@dom.org.com", but you're not blocking
that exact authentication name.

Viktor,

sorry, attempted to anonymize email addresses, BUT, overlooked the last
two, only anonymized domains in the last two

in the /etc/postfix/sasl_access names are correct,

I've used both with and without domain

V
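
An added example, not part of the thread: one way to check whether every sasl_username seen in the smtpd log has an exactly matching key in the sasl_access source file, which is the mismatch raised in the quoted reply. The log lines, addresses and IPs below are constructed placeholders in the thread's log format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample log in the format quoted in the thread (placeholder users and IPs).
SAMPLE_LOG = """\
Oct  8 00:27:57 emu postfix/smtpd[7655]: 87E6B5E791: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=alice@example.org
Oct  8 00:27:58 emu postfix/smtpd[7678]: 645845FCCE: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=bob@example.org
Oct  8 00:28:03 emu postfix/smtpd[7701]: 1A2B3C4D5E: client=mail.example.net[198.51.100.7], sasl_method=PLAIN, sasl_username=carol@example.org
"""

# Constructed sasl_access source: one bare name, one exact match, one wrong TLD.
SAMPLE_ACCESS = """\
# constructed sasl_access source file
alice              HOLD
alice@example.org  HOLD
bob@example.com    HOLD
"""

LOGIN_RE = re.compile(
    r"postfix/smtpd\[\d+\]: \w+: client=\S*\[([^\]]+)\], "
    r"sasl_method=\S+, sasl_username=(\S+)"
)

def parse_access_keys(text):
    """Return the lookup keys of an access(5) source file, lowercased."""
    keys = set()
    for line in text.splitlines():
        # Skip blanks, comments, and continuation lines (leading whitespace).
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        keys.add(line.split(None, 1)[0].lower())
    return keys

def sasl_logins(log_text):
    """Map each authenticated SASL login name to the client IPs that used it."""
    seen = defaultdict(set)
    for match in LOGIN_RE.finditer(log_text):
        ip, user = match.groups()
        seen[user.lower()].add(ip)
    return dict(seen)

def uncovered_logins(log_text, access_text):
    """Logged SASL names with no exactly matching key in the access table."""
    # check_sasl_access looks up the whole login name, so compare whole keys.
    keys = parse_access_keys(access_text)
    return {u: sorted(ips) for u, ips in sasl_logins(log_text).items() if u not in keys}

if __name__ == "__main__":
    for user, ips in uncovered_logins(SAMPLE_LOG, SAMPLE_ACCESS).items():
        print(f"no sasl_access entry for {user} (seen from {', '.join(ips)})")
```
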
