From: brian moore (bemcrom.org)
Date: Mon Jan 11 2010 - 13:00:55 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 11 Jan 2010 15:27:05 -0300
"Damian Rivas" <damiancht.com.ar> wrote:

> Hello everyone,
>
> I have a Postfix box basically configured to send mail from my organization to the Internet. Today I received a warning message telling me that the mail queue was full.
>
> It seems that some Spammer is using my server as an Open Relay, so I used the "check_sender_access" function to only allow my domains to send mail to the outside, but it is not working and I don't know what to do, perhaps you can give me some tips.

You seem to be allowing anyone forging one of your domains to relay.

That is not good.

> smtpd_sender_restrictions = permit_mynetworks,
   check_sender_access = hash:/etc/postfix/sender_map,
   reject_non_fqdn_sender, reject_unknown_sender_domain, permit

That 'check_sender_access' is evil. Please remove it.

Replace it with:
   reject_unauth_destination

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]