From: Victor Duchovni (no email)
Date: Mon Oct 01 2007 - 17:17:49 EDT
On Mon, Oct 01, 2007 at 11:11:54PM +0200, Eddy Ilg wrote:
> Hi,
>
> our mailserver is filling it's queue with mails that it should not
> accept. E.g.:
> sender:
> recipient:
The vast majority of similar cases are HTTP feedback forms, or other
insecure CGI scripts. Logs reveal how the email enters your system.
> Received: by mail.dextermedia.net (Postfix, from userid 1001)
> id 082E98062CC; Sat, 29 Sep 2007 14:37:42 +0200 (CEST)
This message arrived via a local submission from user "1001", not
via SMTP. Likely this is a web-server application account.
To plug the leak while you look more closely:
authorized_submit_users = !login1001, static:all
where "login1001" is the login name in /etc/passwd that goes with
uid 1001.
-- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the "Reply-To" header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: <mailto:?body=unsubscribe%20postfix-users> If my response solves your problem, the best way to thank me is to not send an "it worked, thanks" follow-up. If you must respond, please put "It worked, thanks" in the "Subject" so I can delete these quickly.
|
|
|