open relay?

From: Longina Przybyszewska (no email)
Date: Wed Oct 01 2003 - 10:48:44 EDT


This is my newly installed Postfix-2.0.15/(TLS+SASL=Plain).

When I examine the mail queue I can see a lot of hanging messages from
my MAILER-DAEMON to strange destinations and strange recipients -
with 'Connection timeout' or 'Connection refused' - which obviously looks
like spam originating from my server.

Some examples from `mailq`:

===
7240862775 5199 Wed Oct 1 11:46:39 MAILER-DAEMON
                 (connect to mail.123box.co.uk[1.0.0.0]: Connection timed out)

7EBCC6277B 4456 Wed Oct 1 13:33:56 MAILER-DAEMON
                 (connect to mail.123box.co.uk[1.0.0.0]: Connection timed out)

1CFBC6274A 4387 Mon Sep 29 20:20:08 MAILER-DAEMON
                 (connect to mail.123box.co.uk[1.0.0.0]: Connection timed out)

71FC562747 3122 Mon Sep 29 19:25:33 MAILER-DAEMON
            (connect to mgmt.ucalgary.ca[136.159.193.180]: Connection refused)

57D1D62761 5452 Tue Sep 30 23:22:06 MAILER-DAEMON
          (connect to aonehotwebdeals.com[61.252.159.7]: Connection timed out)
"sby677 at F9NIO30"@aonehotwebdeals.com
...
====

Is it some special spam technique I am not protected against, or a
failure in my main.cf? The common test for relaying (trying to send from a
remote machine, from an unknown account, to the outside) is passed OK -
Relaying denied.

postconf -n:

---
access_map_reject_code = 554
alias_database = hash:/etc/postfix/maps/aliases
alias_maps = hash:/etc/postfix/maps/aliases
allow_untrusted_routing = no
body_checks = pcre:/etc/postfix/maps/body_checks.pcre
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = scan:localhost:10025
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_database_type = db
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
defer_code = 450
disable_vrfy_command = no
header_checks = regexp:/etc/postfix/maps/block255 pcre:/etc/postfix/maps/header_checks.pcre
inet_interfaces = $myhostname, localhost
invalid_hostname_reject_code = 501
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/mail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_reject_code = 554
mime_header_checks = pcre:/etc/postfix/maps/mime_header_checks.pcre
mydestination = $myhostname, mailhost.$mydomain, localhost.$mydomain, $mydomain
mydomain = imada.sdu.dk
myhostname = berlioz.imada.sdu.dk
mynetworks = 130.225.128.0/24, 127.0.0.0/8, 130.225.143.0/24, 130.225.142.123
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
rbl_reply_maps =
readme_directory = no
reject_code = 554
relay_domains = hash:/etc/postfix/maps/ReceiveFrom
relay_domains_reject_code = 554
relocated_maps = hash:/etc/postfix/maps/Relocated
sample_directory = /etc/postfix/sample
sendmail_path = /usr/lib/sendmail
setgid_group = postdrop
smtp_sasl_auth_enable = no
smtp_sasl_password_maps =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $var_smtp_sasl_opts
smtp_sasl_tls_verified_security_options = $var_smtp_sasl_tls_opts
smtp_tls_CAfile = /etc/postfix/CAcert.pem
smtp_tls_CApath =
smtp_tls_cert_file = /etc/postfix/berlioz-cert.pem
smtp_tls_key_file = /etc/postfix/berlioz-key.pem
smtp_tls_loglevel = 0
smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache
smtp_use_tls = no
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions =
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_history_flush_threshold = 100
smtpd_recipient_limit = 1000
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    check_client_access hash:/etc/postfix/maps/ClientCheck,
    check_helo_access hash:/etc/postfix/maps/HeloCheck,
    check_sender_access hash:/etc/postfix/maps/SenderCheck,
    check_recipient_access hash:/etc/postfix/maps/RecipientCheck,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client dun.dnsrbl.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client opm.blitzed.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sender_restrictions =
smtpd_soft_error_limit = 10
smtpd_timeout = 300s
smtpd_tls_CAfile = /etc/postfix/CAcert.pem
smtpd_tls_CApath = /usr/local/ssl/certs
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = yes
smtpd_tls_ccert_verifydepth = 5
smtpd_tls_cert_file = /etc/postfix/berlioz-cert.pem
smtpd_tls_key_file = /etc/postfix/berlioz-key.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 450

best regards
Longina
--
Longina Przybyszewska, system programmer
Dept. of Math. & Comp. Sci. - IMADA
University of Southern Denmark, Odense
Campusvej 55,DK-5230 Odense M, Denmark
tel: +45 6550 2359 - http://www.imada.sdu.dk         email: 
--
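
Added example (not part of the original post, and not Postfix code): a small Python parser that tallies a `mailq` listing like the one above by envelope sender and deferral reason. `mailq` prints the null envelope sender as MAILER-DAEMON, which is what bounce notifications carry, so counting those entries per destination shows where the queued notifications are headed. The function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: the five entries from the post's mailq listing. Two
# deferral reasons are left wrapped across lines to exercise continuation
# handling.
SAMPLE = """\
7240862775 5199 Wed Oct 1 11:46:39 MAILER-DAEMON
 (connect to mail.123box.co.uk[1.0.0.0]: Connection timed
out)

7EBCC6277B 4456 Wed Oct 1 13:33:56 MAILER-DAEMON
 (connect to mail.123box.co.uk[1.0.0.0]: Connection timed out)

1CFBC6274A 4387 Mon Sep 29 20:20:08 MAILER-DAEMON
 (connect to mail.123box.co.uk[1.0.0.0]: Connection timed out)

71FC562747 3122 Mon Sep 29 19:25:33 MAILER-DAEMON
 (connect to mgmt.ucalgary.ca[136.159.193.180]: Connection
refused)

57D1D62761 5452 Tue Sep 30 23:22:06 MAILER-DAEMON
 (connect to aonehotwebdeals.com[61.252.159.7]: Connection timed out)
"""

# Queue ID (optionally flagged * or !), size, arrival time, envelope sender.
HEAD = re.compile(
    r"^([0-9A-F]{6,})[*!]?\s+(\d+)\s+\w{3}\s+\w{3}\s+\d+\s+[\d:]{8}\s+(\S+)$")
REASON = re.compile(r"\(connect to ([^\[\s]+)\[([^\]]+)\]:\s*(.+?)\)")

def parse_mailq(text):
    """Return one dict per queue entry; non-entry lines join the entry above."""
    entries = []
    for line in text.splitlines():
        m = HEAD.match(line.strip())
        if m:
            entries.append({"id": m.group(1), "size": int(m.group(2)),
                            "sender": m.group(3), "detail": ""})
        elif entries and line.strip():
            entries[-1]["detail"] += " " + line.strip()
    for e in entries:
        r = REASON.search(e["detail"])
        e["host"], e["ip"], e["error"] = r.groups() if r else (None, None, None)
    return entries

def summarize(entries):
    """Count null-sender (MAILER-DAEMON) entries per destination and error."""
    null = [e for e in entries if e["sender"] == "MAILER-DAEMON"]
    return {"total": len(entries), "null_sender": len(null),
            "by_host": Counter(e["host"] for e in null),
            "by_error": Counter(e["error"] for e in null)}
```

On a live system the same functions can be fed the text captured from `mailq`.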






