> There must be something in your ACL which is allowing them to send mail.
> Let's have a look: (I'm putting the SMTP AUTH to one side for now, let's
> solve the first problem)
>
> > hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.0/8 :
> > 151.38.133.230
> This rings alarm bells to me. 192.168.1.0/8 means that any host with an IP
> address beginning with 192 can relay. I am guessing this is intended to be
> your internal network, but the problem is that only 192.168.0.0/16 is
> reserved for internal IPs in RFC1918. There are lots of IPs beginning
> with 192 that are assigned, in use and globally routeable. (i.e. you can't
> use them for your internal network).
You are right... it was a mistake... I realized it the moment I pasted the config file to my previous message. I corrected it to 192.168.1.0/24. However I checked my logs and spam attempts came from 211.xxxxxx and 218.xxxxxx.
But the problem is that I need to change it to hostlist relay_from_host = *
I cannot do it at the moment without becoming an open relay.
> with getting SMTP AUTH working. Take care to make sure that you can't
> authenticate by using an empty username or password, as that seems to be
> something that happens quite often, and there additionally seems to be
> some evidence that spammers are starting to exploit it.
I checked but it doesn't seem to be my problem. For what I can see, Authentication works well. But it is always a second chance. Before sending mail with autentication I always can send mail without the need of authenticate myself. In such a way, having SMTP Auth, is quite useless, I think.
Probably is really something wrong in the order of ACL statement but I can't understand where...
Thanx
Lukas