* martin f krafft ([EMAIL PROTECTED]) [020319 19:48]: > it's either too late in the night or here's something going on. > IP=3D195.226.187.154, postfix 1.1.3-1 on debian woody, port 25, > mailhost for 27 domains, otherwise closed relay. > > now i find this in the logs: > > postfix/smtpd[6023]: connect from host074125.arnet.net.ar [200.45.74.125] > postfix/smtpd[6023]: 6937F1673D: > client=host074125.arnet.net.ar[200.45.74.125] > postfix/cleanup[6024]: 6937F1673D: message-id=<[EMAIL PROTECTED]> > postfix/qmgr[31979]: 6937F1673D: from=<[EMAIL PROTECTED]>, size=5880, > nrcpt=25 (queue active) > postfix/smtp[6038]: 6937F1673D: to=<[EMAIL PROTECTED]>, > relay=mailin-02.mx.aol.com[64.12.136.121], delay=7, status=sent (250 OK) > > try it, it's a closed relay. there *exists* tls client authentication > but that would be logged. how the heck can this happen???
FWIW, I did try a very basic relay test and received 554 Relay access denied, though I don't know if that makes you feel more or less sane =) It might be worthwhile to get a more thorough probe from orbz. Do all incoming messages (i.e. legitimately relayed for your customers) look pretty much like that? I mean they show relay=some.other.mailserver? I'm thinking maybe it was specified via a percent-hack or something. Orbz should find that if it is the case. I haven't used postfix, so I can't say where to look. good times, Vineet -- Currently seeking opportunities in the SF Bay Area Please see http://www.doorstop.net/resume/
pgpa15ZJHuORa.pgp
Description: PGP signature
