From: Jon Langton (no email)
Date: Thu Jan 01 2004 - 13:57:35 EST
I entered my mail server into www.ordb.org and verified that I am not an
open relay yesterday.
Here is the /var/log/maillog
Dec 28 04:05:41 mail2 postfix/qmgr[17413]: AA8922B0032: from=<>, size=3337,
nrcpt=1 (queue active)
Dec 28 04:05:41 mail2 postfix/qmgr[17413]: A244D2B0133: from=<>, size=2619,
nrcpt=1 (queue active)
Dec 28 04:05:41 mail2 postfix/qmgr[17413]: 731572B005B: from=<>, size=2423,
nrcpt=1 (queue active)
Dec 28 04:05:41 mail2 postfix/qmgr[17413]: 73C012B005C: from=<>, size=2379,
nrcpt=1 (queue active)
Dec 28 04:05:41 mail2 postfix/qmgr[17413]: 7040C2B0057: from=<>, size=1746,
nrcpt=1 (queue active)
Dec 28 04:05:41 mail2 postfix/qmgr[17413]: 7F84F2B00C4: from=<>, size=3791,
nrcpt=1 (queue active)
Dec 28 04:05:41 mail2 postfix/qmgr[17413]: 719EF2B007F: from=<>, size=2399,
nrcpt=1 (queue active)
Dec 28 04:05:41 mail2 postfix/qmgr[17413]: 7E04D2B0135: from=<>, size=2394,
nrcpt=1 (queue active)
Dec 28 04:05:41 mail2 postfix/qmgr[17413]: 7F7592B0021: from=<>, size=3015,
nrcpt=1 (queue active)
Dec 28 04:05:41 mail2 postfix/qmgr[17413]: 79C352B00C8: from=<>, size=3043,
nrcpt=1 (queue active)
Dec 28 04:05:41 mail2 postfix/smtp[526]: warning: numeric domain name in
resource data of MX record for sm66.com: 66.239.204.197
Dec 28 04:05:41 mail2 postfix/smtp[526]: warning: numeric domain name in
resource data of MX record for sm66.com: 63.209.156.64
Dec 28 04:05:41 mail2 postfix/smtp[510]: connect to
mail.sitesthatarecool.com[209.133.120.80]: Connection refused (port 25)
Dec 28 04:05:41 mail2 postfix/smtp[511]: connect to
mail.flowersandkittens.com[209.133.120.80]: Connection refused (port 25)
Dec 28 04:05:41 mail2 postfix/smtp[512]: connect to
mail.chixdigyou.com[209.133.120.80]: Connection refused (port 25)
Dec 28 04:05:41 mail2 postfix/smtp[513]: connect to
mail.footjerk.com[209.133.120.80]: Connection refused (port 25)
Dec 28 04:05:41 mail2 postfix/smtp[510]: 144A72B0004:
to=<>, relay=none, delay=383481,
status=deferred (connect to mail.sitesthatarecool.com[209.133.120.80]:
Connection refused)
Dec 28 04:05:41 mail2 postfix/smtp[520]: connect to
mail.cordis.lu[212.190.217.57]: Connection refused (port 25)
Dec 28 04:05:41 mail2 postfix/smtp[525]: connect to
mail.euroseek.com[64.246.42.47]: Connection refused (port 25)
Dec 28 04:05:41 mail2 postfix/smtp[524]: connect to
mail.optinmailrequested.com[209.133.120.80]: Connection refused (port 25)
Dec 28 04:05:41 mail2 postfix/smtp[511]: 155812B0039:
to=<>, relay=none, delay=119553,
status=deferred (connect to mail.flowersandkittens.com[209.133.120.80]:
Connection refused)
Dec 28 04:05:41 mail2 postfix/smtp[512]: 156142B0027:
to=<>, relay=none, delay=272523, status=deferred
(connect to mail.chixdigyou.com[209.133.120.80]: Connection refused)
Dec 28 04:05:41 mail2 postfix/smtp[513]: 1AD522B000A:
to=<>, relay=none, delay=383351, status=deferred
(connect to mail.footjerk.com[209.133.120.80]: Connection refused)
Dec 28 04:05:41 mail2 postfix/smtp[525]: connect to
ns2.appleisp.net[64.186.173.141]: Connection refused (port 25)
Dec 28 04:05:41 mail2 postfix/smtp[520]: 535BE2B0110:
to=<>, relay=none, delay=62580, status=deferred (connect
to mail.cordis.lu[212.190.217.57]: Connection refused)
Dec 28 04:05:41 mail2 postfix/smtp[513]: connect to
a.mx.newsletter.forecastmail.com[216.64.221.52]: Connection refused (port
25)
Dec 28 04:05:41 mail2 postfix/smtp[550]: warning: numeric domain name in
resource data of MX record for intrstar.com: 10.0.0.1
Dec 28 04:05:41 mail2 postfix/smtp[550]: warning: numeric domain name in
resource data of MX record for intrstar.com:
10.0.0.2
And here is postconf -n
alias_database = hash:/etc/postfix/aliases
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
empty_address_recipient = jlangton
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
local_transport = error:local mail delivery has been disabled on this server
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 25000000
mydestination = fastaff.com, faststaff.com, usnursing.com, nursing.com,
nursejob.com, psc.cc
mydomain = fastaff.com
myhostname = mail2.fastaff.com
mynetworks = 192.168.1.5/32
myorigin = fastaff.com
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
queue_minfree = 8000000
readme_directory = /etc/postfix/README-dir
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = mail2.fastaff.com ESMTP
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination,
reject_non_fqdn_recipient
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
-----Original Message-----
From: Magnus Bäck [mailto:]
Sent: Thursday, January 01, 2004 11:09 AM
To:
Subject: Re: postfix not checking header_checks file
On Thu, Jan 01, 2004 at 10:52:52AM -0700,
Jon Langton <> wrote:
> I screwed up my last email. Here is what I have:
> header_checks = regexp:/etc/postfix/header_checks in main.cf
> /^From: .*<>/ REJECT in header_checks file
Sigh. Why is it so hard for some people to just cut and paste, and
thereby avoid the problem of typos? You're wasting my time.
> With this config I see in /var/log/maillog an entry of From=<> size=3225,
> nrcpt=1 (queue active) then I see a bunch of outbound emails so I am
> assuming that they are using a null? from field to fool postfix into
> relaying email. Any ideas how to prevent this?
A null sender indicates a bounce. You *can* reject these (although not
with a header check as you've been attempting), but you must not do so.
Post your configuration ("postconf -n") and all relevant log entries for
a transaction like the one you described, and we can help you.
The problem here is that you might be an open relay. Ask about that. Do
not guess yourself to a solution and ask how that solution should be
implemented.
-- Magnus Bäck
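One way to check from the log whether null-sender (from=<>) queue entries are bounces the server generated itself or mail handed to it over SMTP, added here as an example and not part of either post. The sample lines are constructed in the Postfix syslog format shown above, and the function and variable names are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format (not the poster's log).
SAMPLE_LOG = """\
Dec 28 04:00:01 mx postfix/smtpd[301]: 1A2B3C4D5E: client=unknown[192.0.2.10]
Dec 28 04:00:01 mx postfix/qmgr[100]: 1A2B3C4D5E: from=<news@example.net>, size=2100, nrcpt=1 (queue active)
Dec 28 04:00:02 mx postfix/smtp[410]: 1A2B3C4D5E: to=<nobody@example.org>, relay=none, delay=1, status=bounced (host not found)
Dec 28 04:00:02 mx postfix/bounce[420]: 1A2B3C4D5E: sender non-delivery notification: 2B3C4D5E6F
Dec 28 04:00:02 mx postfix/qmgr[100]: 2B3C4D5E6F: from=<>, size=3300, nrcpt=1 (queue active)
Dec 28 04:00:03 mx postfix/smtp[411]: 2B3C4D5E6F: to=<news@example.net>, relay=none, delay=1, status=deferred (connect to mail.example.net[198.51.100.7]: Connection refused)
Dec 28 04:00:04 mx postfix/smtpd[302]: 3C4D5E6F70: client=inside[192.168.1.5]
Dec 28 04:00:04 mx postfix/qmgr[100]: 3C4D5E6F70: from=<>, size=2400, nrcpt=1 (queue active)
Dec 28 04:00:05 mx postfix/smtp[412]: 3C4D5E6F70: to=<a@example.com>, relay=none, delay=1, status=deferred (connect to mx.example.com[203.0.113.9]: Connection refused)
"""

# daemon name, queue ID, remainder of the log record
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")


def classify_null_senders(log_text):
    """Map each null-sender queue ID to (origin, {deferred destination host: count})."""
    origin, null_ids, deferred = {}, set(), {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and rest.startswith("client="):
            # Message arrived over SMTP from this client.
            origin[qid] = "smtp:" + rest[len("client="):]
        elif daemon == "bounce" and "non-delivery notification: " in rest:
            # The bounce daemon logs the queue ID of the notice it created.
            origin[rest.rsplit(": ", 1)[1]] = "local-bounce-of:" + qid
        elif daemon == "qmgr" and rest.startswith("from=<>"):
            null_ids.add(qid)
        elif daemon == "smtp" and "status=deferred" in rest:
            host = re.search(r"connect to ([^\[\s]+)\[", rest)
            if host:
                deferred.setdefault(qid, Counter())[host.group(1)] += 1
    return {q: (origin.get(q, "unknown"), dict(deferred.get(q, {})))
            for q in sorted(null_ids)}


if __name__ == "__main__":
    for qid, (src, hosts) in classify_null_senders(SAMPLE_LOG).items():
        print(qid, src, hosts)
```

An origin of `local-bounce-of:` means the server accepted a message it could not deliver and is returning it to the envelope sender; an origin of `smtp:` shows which client submitted the null-sender message, which can then be compared against `mynetworks`.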