On Sat, 24 Nov 2012, James Harper <james.harper@bendigoit.com.au> wrote:
I just had a spammer take over an account which is allowed to send mail via one of my servers. I ran the lock account script but it kept on going. It seems that if a SASL authenticated user doesn't close the session then Postfix doesn't notice that the account is no longer valid and keeps allowing mail through!
How can I solve this? Apart from restarting Postfix whenever I lock an account.
This thing is happening enough for this to be a problem?
It's happened a few times.
Is there some way of limiting how many messages a smtpd process will accept before it exits? I'd like to force it to exit after processing 10 or 20 messages so that SASL authentication has to be completed again for the next 10 or 20 messages.
Is it definitely postfix caching the authentication and not SASL?
My script that locks the account restarts the saslauthd. A test with swaks shows that new connections by the account in question are denied. The smtpd processes had been active for something like 10 hours. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/