[linux] postfix spam problem

Marek Podmaka marki at host.sk
Tue Jun 15 12:50:15 CEST 2004


Hi!

Do you know what the problem could be? I don't understand how someone could 
have connected from IP 127.0.1.50. And the connection from 127.0.0.1 is also 
somewhat strange, because nobody could have sent it with such a message ID... 
Is there an error in the postfix configuration? But 
mynetworks = 127.0.0.0/8 is, I think, the default as well...

And one more small question... if a mail's ID first appears in a qmgr message, 
then postfix generated it itself? (with from=<>) That is probably just 
postfix trying to deliver a non-delivery notice for these strange mails...

===mail.log===
Jun 12 19:26:16 server postfix/smtpd[5102]: 048E047B45: 
client=server[127.0.0.1]
Jun 12 19:26:26 server postfix/cleanup[5103]: 048E047B45: 
message-id=<9$54sr$sb9zy00--p na avqg4v.w482m>
Jun 12 19:26:26 server postfix/qmgr[7379]: 048E047B45: 
from=<yuonneabdallahjef na wadsnaz.every1.net>, size=1930, nrcpt=20 (queue 
active)
Jun 12 19:26:27 server postfix/smtp[5125]: warning: numeric domain name in 
resource data of MX record for holtkamphvac.com: 127.0.0.1
Jun 12 19:26:27 server postfix/smtp[5125]: warning: mailer loop: best MX 
host for holtkamphvac.com is local
Jun 12 19:26:27 server postfix/smtp[5125]: 048E047B45: 
to=<eatafone na holtkamphvac.com>, relay=none, delay=11, status=bounced (mail 
for holtkamp
hvac.com loops back to myself)
Jun 12 19:26:27 server postfix/smtp[5125]: 048E047B45: 
to=<eatalone na holtkamphvac.com>, relay=none, delay=11, status=bounced (mail 
for holtkamp
hvac.com loops back to myself)
Jun 12 19:26:27 server postfix/smtp[5125]: 048E047B45: 
to=<eatbe53102 na holtkamphvac.com>, relay=none, delay=11, status=bounced 
(mail for holtka
mphvac.com loops back to myself)


Jun 12 19:27:10 server postfix/smtpd[5102]: warning: 127.0.1.50: address 
not listed for hostname localhost
Jun 12 19:27:10 server postfix/smtpd[5102]: connect from 
unknown[127.0.1.50]
Jun 12 19:27:11 server postfix/smtpd[5102]: A42D547B45: 
client=unknown[127.0.1.50]
Jun 12 19:27:13 server postfix/cleanup[5103]: A42D547B45: 
message-id=<x--$u3-8t$t4-m4$c9$1u$es na yy7.q9.n2.w6>
Jun 12 19:27:13 server postfix/qmgr[7379]: A42D547B45: 
from=<gemmamilliard na daytonastudents.com>, size=2169, nrcpt=1 (queue 
active)
Jun 12 19:27:14 server postfix/smtp[5125]: warning: numeric domain name in 
resource data of MX record for ispan.com: 127.0.1.50
Jun 12 19:27:14 server postfix/smtpd[5102]: disconnect from 
unknown[127.0.1.50]
Jun 12 19:27:14 server postfix/smtpd[5609]: warning: 127.0.1.50: address 
not listed for hostname localhost
Jun 12 19:27:14 server postfix/smtpd[5609]: connect from 
unknown[127.0.1.50]
Jun 12 19:27:14 server postfix/smtp[5125]: warning: host 
127.0.1.50[127.0.1.50] greeted me with my own hostname server
Jun 12 19:27:14 server postfix/smtp[5125]: warning: host 
127.0.1.50[127.0.1.50] replied to HELO/EHLO with my own hostname server
Jun 12 19:27:14 server postfix/smtp[5125]: A42D547B45: to=<sm na ispan.com>, 
relay=127.0.1.50[127.0.1.50], delay=3, status=bounced (mail for ispa
n.com loops back to myself)
Jun 12 19:27:14 server postfix/smtpd[5609]: lost connection after EHLO 
from unknown[127.0.1.50]
Jun 12 19:27:14 server postfix/smtpd[5609]: disconnect from 
unknown[127.0.1.50]
Jun 12 19:27:14 server postfix/cleanup[5103]: BFAC847B4B: 
message-id=<20040612172714.BFAC847B4B na server>
Jun 12 19:27:14 server postfix/qmgr[7379]: BFAC847B4B: from=<>, size=3664, 
nrcpt=1 (queue active)
Jun 12 19:27:16 server postfix/smtp[5125]: BFAC847B4B: 
to=<gemmamilliard na daytonastudents.com>, 
relay=sitemail.everyone.net[216.200.145.35], de
lay=2, status=bounced (host sitemail.everyone.net[216.200.145.35] said: 
552 Recipient Rejected: Sorry, the mailbox for gemmamilliard na daytonast
udents.com is full, please try resending mail later)
======

=== excerpts from postconf ===
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-client.cf
smtpd_etrn_restrictions =
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_sasl_authenticated,        
reject_maps_rbl, permit_mynetworks, reject_unauth_destination, check_relay_domains
smtpd_restriction_classes =
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-sender.cf
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks =
relay_domains = $mydestination
relay_domains_reject_code = 554
relayhost =
fast_flush_domains = $relay_domains
luser_relay =
maps_rbl_domains = relays.ordb.org list.dsbl.org
======

Hmmm, that permit_mx_backup_networks doesn't by itself mean that 
permit_mx_backup is turned on, does it? Because that could theoretically be 
the problem, since that domain has 127.0.0.1 as its MX, but I still don't 
understand how there could have been connections from these addresses...

-- 
   bYE, Marki <marki at nexin.sk>
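
The queue-ID correlation asked about in the message above, as an added example that is not part of the original post: a Python script that groups Postfix log lines by queue ID, flags mail accepted from a loopback client, and marks queue IDs with no smtpd client line and an empty sender as likely Postfix-generated notifications. The sample log is constructed on the pattern of the lines above; the function names and category labels are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format of the log above (example domains; C1D2E3F4A5 is made up).
SAMPLE_LOG = """\
Jun 12 19:27:11 server postfix/smtpd[5102]: A42D547B45: client=unknown[127.0.1.50]
Jun 12 19:27:13 server postfix/qmgr[7379]: A42D547B45: from=<sender@example.org>, size=2169, nrcpt=1 (queue active)
Jun 12 19:27:14 server postfix/smtp[5125]: A42D547B45: to=<rcpt@example.com>, relay=127.0.1.50[127.0.1.50], delay=3, status=bounced (mail for example.com loops back to myself)
Jun 12 19:27:14 server postfix/cleanup[5103]: BFAC847B4B: message-id=<20040612172714.BFAC847B4B@server>
Jun 12 19:27:14 server postfix/qmgr[7379]: BFAC847B4B: from=<>, size=3664, nrcpt=1 (queue active)
Jun 12 19:28:02 server postfix/smtpd[5700]: C1D2E3F4A5: client=mail.example.net[192.0.2.10]
Jun 12 19:28:03 server postfix/qmgr[7379]: C1D2E3F4A5: from=<user@example.net>, size=900, nrcpt=1 (queue active)
"""

# Assumes the classic short hexadecimal queue IDs seen in the post.
LINE = re.compile(r"postfix/(?P<daemon>\w+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
CLIENT = re.compile(r"client=\S*\[(?P<ip>[^\]]+)\]")
SENDER = re.compile(r"from=<(?P<sender>[^>]*)>")

def summarize(log_text):
    """Group log lines by queue ID and record how each message entered the queue."""
    msgs = defaultdict(lambda: {"client": None, "sender": None, "loop": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        info, rest = msgs[m["qid"]], m["rest"]
        if m["daemon"] == "smtpd" and (c := CLIENT.match(rest)):
            info["client"] = c["ip"]            # address smtpd saw on the inbound connection
        elif m["daemon"] == "qmgr" and (s := SENDER.match(rest)):
            info["sender"] = s["sender"]        # empty string means the null sender <>
        elif "loops back to myself" in rest:
            info["loop"] = True                 # recipient domain's MX resolved to this host
    return dict(msgs)

def classify(info):
    """Heuristic label: no smtpd client plus null sender is likely Postfix's own bounce."""
    if info["client"] is None:
        return "internal-bounce" if info["sender"] == "" else "no-smtpd-origin"
    try:
        loopback = ipaddress.ip_address(info["client"]).is_loopback
    except ValueError:
        return "unparsed-client"                # e.g. client=unknown[unknown]
    return "loopback-client" if loopback else "remote-client"

def report(log_text):
    return {qid: classify(info) for qid, info in summarize(log_text).items()}
```

Anything labelled `loopback-client` was accepted under `permit_mynetworks` with `mynetworks = 127.0.0.0/8`, so those queue IDs are the ones to trace back to a local process.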



