From: Sandy Drobic (no email)
Date: Thu Feb 01 2007 - 15:21:59 EST
Matthew Hebert wrote:
> Sandy,
>
> An example of what is happening.
> 1. Send an email from outside source
> 2. view logs to see if transaction takes place
> 3. logs never show email entering our system.
>
> Does not happen to all external sources. We are receiving mail, but I used
> mxtoolbox.com to run diagnostics and to which the results of the transaction
> time is over 10 seconds. Earlier this week it was .05 seconds or something
> that fast.
>
> This is my postconf -n
>
> alias_maps = hash:/etc/aliases
> canonical_maps = hash:/etc/postfix/canonical
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = vscan:[127.0.0.1]:10025
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> default_destination_concurrency_limit = 20
> default_process_limit = 500
> defer_transports =
> disable_dns_lookups = no
> header_checks = regexp:/etc/postfix/header_checks
> html_directory = /usr/share/doc/packages/postfix/html
> inet_interfaces = all
> local_destination_concurrency_limit = 2
> local_recipient_maps =

local_recipient_maps contains the valid addresses for domains in
mydestination. If that parameter is empty, no recipient validation takes
place for these domains.

In other words: you are (in danger|already exploited) as a backscatter
source. Your Postfix will accept mails for these domains and then try to
return mails to invalid recipients to the (in case of spam|viruses) forged
sender addresses.

You should either set up local_recipient_maps with tables of valid
addresses or remove the domains in mydestination.

Check the output of "mailq" if you see a lot of mails from MAILER-DAEMON.

> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_command =
> mailbox_size_limit = 0
> mailbox_transport =
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_domains =
> masquerade_exceptions = root
> maximal_backoff_time = 2h
> maximal_queue_lifetime = 2d
> message_size_limit = 15730000
> minimal_backoff_time = 450s
> mydestination = $myhostname localhost.$mydomain localhost
> $mydomai n
> mydomain = dss.state.la.us
> myhostname = xxx.xxx.xxx
> mynetworks = xxx.xxx.xxx,xxx.xxx.xxx
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix
> queue_run_delay = 225s
> readme_directory = /usr/share/doc/packages/postfix/README_FILES
> relayhost =
> relocated_maps = hash:/etc/postfix/relocated
> sample_directory = /usr/share/doc/packages/postfix/samples
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtp_sasl_auth_enable = no
> smtp_use_tls = no
> smtpd_banner = $myhostname NO UCE ESMTP
> smtpd_client_restrictions =
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
> smtpd_recipient_restrictions =
> reject_non_fqdn_recipient
> reject_unverifie d_recipient
Typo?
> reject_unknown_recipient_domain
> reject_non_fqdn_sender
> reject_unknown_sender_domain
> permit_mynetworks
> reject_unauth_destin ation
Again, typo?
> reject_invalid_hostname
> check_sender_access
> hash:/etc/postfix/sender_access
One line?
> check_helo_access regexp:/etc/postfix/helo_checks
> reject_unauth_pipelining
> reject_rbl_client
> bl.spamcop.net
> reject_rbl_client zen.spamhaus.org
> check_sender_access
> hash:/etc/postfix/rhsbl_sender_excep tions
Typo? One line?
> reject_rhsbl_sender dsn.rfc-ignorant.org
> permit
> smtpd_sasl_auth_enable = no
> smtpd_sender_restrictions = hash:/etc/postfix/access
> smtpd_use_tls = no
> strict_rfc821_envelopes = yes
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
> virtual_mailbox_domains =
> xxx.xxx.xxx
> xxx.xxx.xxx

Valid recipients for virtual_mailbox_domains are set up with
virtual_mailbox_maps. So, no recipient validation for these domains either.

I strongly suspect that spammers are filling your queue with mails for
invalid recipients. Check your log for bounces to your domain and output
of "mailq" for mailer daemon messages.

http://www.postfix.org/ADDRESS_CLASS_README.html#classes
http://www.postfix.org/LOCAL_RECIPIENT_README.html#main_config
http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox

-- 
Sandy

List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
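
Added example, not part of the original message: a Python sketch of the two checks the reply recommends, flagging address classes in `postconf -n` output that have no recipient table and counting MAILER-DAEMON entries in `mailq` output. The function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample in `postconf -n` format (not the poster's real config).
SAMPLE_POSTCONF = """\
local_recipient_maps =
mydestination = $myhostname localhost.$mydomain localhost
    $mydomain
virtual_mailbox_domains =
    mail.example.org
    lists.example.org
"""

# Constructed sample in `mailq` format.
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5     3120 Thu Feb  1 14:02:11  MAILER-DAEMON
(connect to mx.example.net[192.0.2.10]: Connection timed out)
                                         forged@example.net

F6A7B8C9D0*    1822 Thu Feb  1 14:05:40  alice@example.org
                                         bob@example.com
"""

def parse_postconf(text):
    """Return {parameter: value}, folding indented continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and name:
            params[name] = (params[name] + " " + line.strip()).strip()
        elif "=" in line:
            name, _, value = (s.strip() for s in line.partition("="))
            params[name] = value
    return params

def unvalidated_classes(params):
    """Address classes that accept mail without a recipient table."""
    findings = []
    # Only an explicit empty local_recipient_maps disables validation;
    # when the line is absent, the non-empty built-in default applies.
    if params.get("mydestination") and params.get("local_recipient_maps") == "":
        findings.append("local")
    # virtual_mailbox_maps defaults to empty, so absent also means no table.
    if params.get("virtual_mailbox_domains") and not params.get("virtual_mailbox_maps"):
        findings.append("virtual_mailbox")
    return findings

def count_bounces(mailq_text):
    """Count queue entries whose envelope sender is MAILER-DAEMON."""
    entry = re.compile(r"^[0-9A-F]+[*!]?\s+\d+\s+.*\sMAILER-DAEMON$", re.M)
    return len(entry.findall(mailq_text))
```

On a live system the inputs would be the captured output of `postconf -n` and `mailq`; a bounce count that is a large share of the queue is the backscatter symptom described above.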