On 3/3/2021 1:39 PM, Marek Kozlowski wrote:
> One user's password has been compromised. Someone had authenticated
> as this user (SASL) and was able to send mail with:
> Return-Path: <>

These are bounces or Non Delivery Notices. You should not disable these.
Quite possibly the mail originated with a different MAIL FROM and
was undeliverable, causing postfix to generate a bounce.
Search the maillog for the QUEUEID reported in the mail queue. That
will show you where the message originated.

> I'm afraid logs were not as detailed as needed. I'm trying to
> understand: how??

I'm sure the normal logging contains everything you need. Resist the
urge to enable debug logs, which will hide the important bits in a
flood of irrelevant information.
Feel free to share "postconf -n" and relevant logs on the list if
you need more help.
-- Noel Jones
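
Added example, not part of the original message: one way to do the queue-ID search described above with normal (non-debug) Postfix logging, following a bounce with `from=<>` back to the submission that caused it and the SASL login used. The log lines are constructed samples in the usual Postfix syslog format; the function name `trace`, the hosts and the addresses are hypothetical.

```python
import re

# Constructed sample maillog lines (not taken from the thread).
SAMPLE_LOG = """\
Mar  3 12:01:10 mx postfix/smtpd[2101]: 4F1A2C0E11: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=jdoe
Mar  3 12:01:10 mx postfix/cleanup[2105]: 4F1A2C0E11: message-id=<constructed-1@example.org>
Mar  3 12:01:10 mx postfix/qmgr[900]: 4F1A2C0E11: from=<promo@example.net>, size=2048, nrcpt=1 (queue active)
Mar  3 12:01:12 mx postfix/smtp[2110]: 4F1A2C0E11: to=<nobody@example.com>, relay=mx.example.com[198.51.100.9]:25, delay=2, dsn=5.1.1, status=bounced (host mx.example.com[198.51.100.9] said: 550 5.1.1 User unknown)
Mar  3 12:01:12 mx postfix/cleanup[2105]: 7B3D9C0E12: message-id=<constructed-2@mx.example.org>
Mar  3 12:01:12 mx postfix/bounce[2111]: 4F1A2C0E11: sender non-delivery notification: 7B3D9C0E12
Mar  3 12:01:12 mx postfix/qmgr[900]: 7B3D9C0E12: from=<>, size=4096, nrcpt=1 (queue active)
Mar  3 12:01:12 mx postfix/qmgr[900]: 4F1A2C0E11: removed
"""

# daemon name (also matches "postfix/submission/smtpd"), queue ID, rest of line
LINE = re.compile(r"postfix/(?:[\w-]+/)*(\w+)\[\d+\]: ([0-9A-Za-z]+): (.*)")
FIELD = re.compile(r"(client|sasl_username|from)=([^,\s]*)")


def trace(queue_id, log=SAMPLE_LOG):
    """Follow a queue ID back to the message that originally entered Postfix."""
    records = [m.groups() for m in map(LINE.search, log.splitlines()) if m]
    chain = [queue_id]
    # The bounce daemon logs under the ORIGINAL queue ID and names the new
    # notification's ID, so walk "child -> parent" until no parent is found.
    while True:
        parent = next((qid for daemon, qid, msg in records
                       if daemon == "bounce"
                       and msg.endswith("notification: " + chain[-1])), None)
        if parent is None or parent in chain:
            break
        chain.append(parent)
    info = {"chain": chain, "client": None, "sasl_username": None, "from": None}
    # smtpd/pickup lines show how the original arrived; qmgr shows its MAIL FROM.
    for daemon, qid, msg in records:
        if qid == chain[-1] and daemon in ("smtpd", "pickup", "qmgr"):
            for key, value in FIELD.findall(msg):
                if info[key] is None:
                    info[key] = value
    return info


if __name__ == "__main__":
    print(trace("7B3D9C0E12"))
```
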