[linux] postfix spam problem

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Jun 15 13:45:51 CEST 2004


On 15.06 12:50, Marek Podmaka wrote:
> Do you know what the problem could be? I don't understand how someone
> could have connected from IP 127.0.1.50. And the connection from 127.0.0.1
> is somehow strange too, because nobody could have sent it with such a
> message ID... Is there an error in the postfix configuration? But
> mynetworks = 127.0.0.0/8 is, I think, the default anyway...

it's your machine... don't you have some unsuitable software there?

> And one more small question... if a mail's ID first appears in a qmgr
> message, then postfix generated it itself? (with from=<>)

from <> usually means it is a DSN; it is a special form of sender address

> That is probably just postfix's attempt to deliver the non-delivery
> notice for these strange mails...

apparently yes

> ===mail.log===
> Jun 12 19:26:27 server postfix/smtp[5125]: warning: numeric domain name in 
> resource data of MX record for holtkamphvac.com: 127.0.0.1
> Jun 12 19:26:27 server postfix/smtp[5125]: warning: mailer loop: best MX 
> host for holtkamphvac.com is local

uhlar na fantomas% mx holtkamphvac.com
holtkamphvac.com mail is handled by 10 127.0.0.1

someone sent you mail with a bad address @holtkamphvac.com and your postfix
is trying to deliver the error message...

> === excerpts from postconf ===
> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-client.cf
> smtpd_etrn_restrictions =
> smtpd_helo_restrictions =
> smtpd_recipient_restrictions = permit_sasl_authenticated,        
> reject_maps_rbl, permit_mynetworks, reject_unauth_destination, check_relay_domains
> smtpd_restriction_classes =
> smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-sender.cf
> mynetworks = 127.0.0.0/8
> mynetworks_style = subnet
> parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
> permit_mx_backup_networks =
> relay_domains = $mydestination
> relay_domains_reject_code = 554
> relayhost =
> fast_flush_domains = $relay_domains
> luser_relay =
> maps_rbl_domains = relays.ordb.org list.dsbl.org
> ======

> Hmm, that permit_mx_backup_networks doesn't yet mean that
> permit_mx_backup is enabled, does it? Because that could theoretically be
> the problem, since that domain has 127.0.0.1 as its MX, but even so I don't
> understand how there could have been connections from these addresses...

I don't know about that, but I have a strong feeling that having mynetworks in
parent_domain_matches_subdomains results in your postfix considering
mail for holtkamphvac.com its own and trying to deliver it...

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Send this email to 100 of your friends - let them see what an idiot you are
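
An added example, not part of the original message: a small Python scan of a Postfix mail.log for the two warnings quoted above, listing sender domains whose MX is a loopback address or resolves back to the local host. The sample log is constructed (the first two lines are the quoted warnings unwrapped onto one line each; `example.org`, `192.0.2.10` and the queue ID are invented), and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: lines 1-2 are modelled on the warnings quoted in the
# message; lines 3-4 are invented for contrast.
SAMPLE_LOG = """\
Jun 12 19:26:27 server postfix/smtp[5125]: warning: numeric domain name in resource data of MX record for holtkamphvac.com: 127.0.0.1
Jun 12 19:26:27 server postfix/smtp[5125]: warning: mailer loop: best MX host for holtkamphvac.com is local
Jun 12 19:30:02 server postfix/smtp[5130]: warning: numeric domain name in resource data of MX record for example.org: 192.0.2.10
Jun 12 19:31:10 server postfix/qmgr[410]: 1A2B3C4D5E: from=<>, size=2301, nrcpt=1 (queue active)
"""

NUMERIC_MX = re.compile(r"postfix/smtp\[\d+\]: warning: numeric domain name in "
                        r"resource data of MX record for (\S+): (\S+)")
MAILER_LOOP = re.compile(r"postfix/smtp\[\d+\]: warning: mailer loop: "
                         r"best MX host for (\S+) is local")

def bogus_mx_domains(log_text):
    """Return {domain: {"mx": set of raw values, "loop": bool, "loopback": bool}}."""
    found = defaultdict(lambda: {"mx": set(), "loop": False, "loopback": False})
    for line in log_text.splitlines():
        m = NUMERIC_MX.search(line)
        if m:
            domain, addr = m.group(1).lower(), m.group(2)
            found[domain]["mx"].add(addr)
            try:
                if ipaddress.ip_address(addr).is_loopback:
                    found[domain]["loopback"] = True
            except ValueError:
                pass  # not a parsable IP literal; keep the raw value only
            continue
        m = MAILER_LOOP.search(line)
        if m:
            found[m.group(1).lower()]["loop"] = True
    return dict(found)

def bounce_trap_domains(log_text):
    """Domains whose MX is loopback or loops back to this host, sorted."""
    return sorted(d for d, info in bogus_mx_domains(log_text).items()
                  if info["loopback"] or info["loop"])

if __name__ == "__main__":
    for domain in bounce_trap_domains(SAMPLE_LOG):
        print(domain)
```
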



