> We are receiving a lot of faked emails from outside using our own domain > using Dictonary Attacks from the same source IP. > Does anybody know a way (or a trap) to detect and block it ?
What exactly do you mean buy using your own domain? If they use your domain as sender-address you can block them with the postfix check_sender_access hash-file. If they use your use your own server-name or it's ip-address as HELO then you can block them with check_helo_access. If the 'attackers' use certain IP-ranges or dns-suffixes you can block them with check_client_access. Often these attacks come from dynamic-addresses so you can use an RBL in postfix for example 'reject_rbl_client dynablock.njabl.org'. And as already mentioned the smtpd limits can be used to make life more difficult for the attackers, see http://www.postfix.org/TUNING_README.html. Menno van Bennekom
