On Thu, October 8, 2015 2:35 am, Viktor Dukhovni wrote:
> On Thu, Oct 08, 2015 at 02:15:36AM +1100, Voytek wrote:
>
>> I think I've stopped compromised user sending by stopping and
>> restarting Postfix, prior to that, I've reloaded Postfix after
>> adding/postmapping sasl_access list - that didn't help, only stopping
>> Postfix stopped it
>
> With Berkeley-DB tables, updated tables are only picked up by smtpd
> when a client disconnects and a new client connects.
>
> So if a client was hanging on to a single connection and sending
> lots of messages back to back without disconnecting, it might be able to
> continue despite table changes.

so, seeing as I didn't see any more connections from that IP after Postfix
restart, that would tend to confirm above, I think?

> If your smtpd is not chrooted, you might have better luck with CDB,
> than Berkeley DB, though I am not sure whether tinycdb (like DJB's original
> implementation) detects table file changes and automatically reopens the
> table on the fly.
>
> Otherwise, you may be better off with SQL or LDAP tables, which can
> change in real time.

my users/domain are in MySQL - but, again, if I understand it correctly,
on a single connection scenario, that wouldn't help?

>> I'm worried that 'there is more' ?
>
> There's nothing more.

Viktor, thanks!

I should've stopped/restarted immediately...

thanks again for all replies!
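
An added example, not part of the original thread: one way to spot the single-connection case discussed above is to pair smtpd `connect`/`disconnect` log lines by process ID and list sessions that are still open for a user just added to the reject table. The log lines are constructed samples in the usual Postfix syslog layout, and the function names are hypothetical.

```python
import re

# Constructed sample of Postfix smtpd log lines (not from the original thread).
SAMPLE_LOG = """\
Oct  8 01:00:01 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Oct  8 01:00:02 mx postfix/smtpd[2101]: 3A1B2C: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=bob@example.com
Oct  8 01:00:03 mx postfix/smtpd[2101]: 3A1B2D: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=bob@example.com
Oct  8 01:00:04 mx postfix/smtpd[2150]: connect from mail.example.net[198.51.100.7]
Oct  8 01:00:05 mx postfix/smtpd[2150]: 3A1B2E: client=mail.example.net[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.com
Oct  8 01:00:06 mx postfix/smtpd[2150]: disconnect from mail.example.net[198.51.100.7]
Oct  8 01:00:07 mx postfix/smtpd[2101]: 3A1B2F: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=bob@example.com
"""

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)")
CLIENT = re.compile(r"[0-9A-Za-z]+: client=\S+\[([^\]]+)\],.*sasl_username=(\S+)")

def open_sessions(log_text):
    """Return {pid: {"ip", "user", "msgs"}} for sessions with no disconnect yet."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, rest = m.group(1), m.group(2)
        if rest.startswith("connect from "):
            # One smtpd process serves one client at a time, so pid keys a session.
            ip = rest[rest.rfind("[") + 1 : rest.rfind("]")]
            sessions[pid] = {"ip": ip, "user": None, "msgs": 0}
        elif rest.startswith("disconnect from "):
            sessions.pop(pid, None)
        else:
            c = CLIENT.match(rest)
            if c and pid in sessions:
                sessions[pid]["user"] = c.group(2)
                sessions[pid]["msgs"] += 1
    return sessions

def stale_for(blocked_users, log_text):
    """Open sessions authenticated as a user just added to the reject table."""
    return {pid: s for pid, s in open_sessions(log_text).items()
            if s["user"] in blocked_users}

if __name__ == "__main__":
    for pid, s in stale_for({"bob@example.com"}, SAMPLE_LOG).items():
        print(f"smtpd[{pid}] {s['ip']} {s['user']}: {s['msgs']} msgs, still connected")
```

Any session this reports was opened before the table change and, per the explanation above, only ends when the client disconnects or Postfix is stopped.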