On Thu, October 8, 2015 2:35 am, Viktor Dukhovni wrote:
> On Thu, Oct 08, 2015 at 02:15:36AM +1100, Voytek wrote:
>
>
>> I think I've stopped compromised user sending by stopping and
>> restarting Postfix, prior to that, I've reloaded Postfix after
>> adding/postmapping sasl_access list - that didn't help, only stopping
>> Postfix stopped it
>>
>
> With Berkeley-DB tables, updated tables are only picked up by smtpd
> when a client disconnects and a new client connects.
>
> So if a client was hanging on to a single connection and sending
> lots of messages back to back without disconnecting, it might be able to
> continue despite table changes.

so, seeing as I didn't see any more connections from that IP after Postfix
restart, that would tend to confirm the above, I think?


> If your smtpd is not chrooted, you might have better luck with CDB,
> than Berkeley DB, though I am not sure whether tinycdb (like DJB's original
> implementation) detects table file changes and automatically reopens the
> table on the fly.
>
> Otherwise, you may be better off with SQL or LDAP tables, which can
> change in real time.

my users/domain are in MySQL - but, again, if I understand it correctly,
in a single-connection scenario, that wouldn't help?
>
>> I'm worried that 'there is more' ?
>>
>
> There's nothing more.

Viktor, thanks!

I should've stopped/restarted immediately...

thanks again for all replies!
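
Added example, not part of the thread: a log check for the situation described above, where a connection opened before the access table was updated keeps submitting mail for a blocked SASL user. The function name `stale_sessions`, the sample log lines, addresses and update time are all constructed, and the usual Postfix syslog layout is assumed.

```python
import re
from datetime import datetime

# Constructed sample lines in the usual Postfix syslog layout (not from the thread).
SAMPLE_LOG = """\
Oct  8 01:50:02 mail postfix/smtpd[2211]: connect from unknown[192.0.2.10]
Oct  8 01:50:05 mail postfix/smtpd[2211]: 3A1B2C4D5E: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=user@example.com
Oct  8 02:05:40 mail postfix/smtpd[2211]: 4B2C3D5E6F: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=user@example.com
Oct  8 02:06:10 mail postfix/smtpd[2304]: connect from unknown[198.51.100.7]
Oct  8 02:06:12 mail postfix/smtpd[2304]: 5C3D4E6F70: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=other@example.com
Oct  8 02:07:30 mail postfix/smtpd[2211]: 6D4E5F7081: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=user@example.com
Oct  8 02:09:00 mail postfix/smtpd[2211]: disconnect from unknown[192.0.2.10]
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[(\d+)\]: (.*)$")
MAIL = re.compile(r"^(\w+): client=(\S+?),.*sasl_username=(\S+)")

def stale_sessions(log_text, table_updated, blocked_users, year=2015):
    """Return {(pid, client): [queue ids]} for mail from blocked users accepted
    after table_updated on a connection that was opened before it."""
    opened = {}  # smtpd pid -> (connect time, client) for the current connection
    hits = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it (assumption).
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        if msg.startswith("connect from "):
            opened[pid] = (when, msg[len("connect from "):])
        elif msg.startswith("disconnect from "):
            opened.pop(pid, None)
        else:
            mail = MAIL.match(msg)
            if mail and pid in opened and mail.group(3) in blocked_users:
                connected, client = opened[pid]
                if connected < table_updated <= when:
                    hits.setdefault((pid, client), []).append(mail.group(1))
    return hits

if __name__ == "__main__":
    updated = datetime(2015, 10, 8, 2, 0, 0)  # constructed time of the postmap run
    found = stale_sessions(SAMPLE_LOG, updated, {"user@example.com"})
    for (pid, client), qids in found.items():
        print(f"smtpd[{pid}] {client}: {len(qids)} message(s) after table update: {qids}")
```

Any session it reports is one that a table update alone would not have cut off; the queue IDs identify the messages to pull from the queue.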
