Hi Everyone,
I've been running a postfix mailserver for our small company for the last
couple of years. Until a couple of weeks ago we had no trouble at all. But
then suddenly I started seeing a huge number of rejected emails in the
deferred queue, with dodgy looking recipient addresses. I think
My question is, if I am right, how can I find out which account has been
compromised?
You can add this to main.cf:
smtpd_sasl_authenticated_header=true
This will add the SASL authenticated user to the received headers which
allows you to see who's account was used.
Kind regards,
Martijn
On 1/20/2010 5:05 AM, Daniel Howard wrote:
Hi Everyone,
I've been running a postfix mailserver for our small company for the last
couple of years. Until a couple of weeks ago we had no trouble at all. But
then suddenly I started seeing a huge number of rejected emails in the
deferred queue,
You can add this to main.cf:
smtpd_sasl_authenticated_header=true
This will add the SASL authenticated user to the received headers which
allows you to see who's account was used.
Kind regards,
Martijn Brinkers
Thanks Martijn, but if the SASL user gets put into the headers, then
Thanks Martijn, but if the SASL user gets put into the headers, then
doesn't that just meant that the recipient will see who the message came
from, rather than the administrator - me?
Yes but you said:
...I started seeing a huge number of rejected emails in the deferred
queue...
If the SASL