On Wednesday 20 March 2002 11:30, Vineet Kumar wrote: > * martin f krafft ([EMAIL PROTECTED]) [020319 19:48]: > > it's either too late in the night or here's something going on. > > IP=3D195.226.187.154, postfix 1.1.3-1 on debian woody, port 25, > > mailhost for 27 domains, otherwise closed relay. > > > > now i find this in the logs: > > > > postfix/smtpd[6023]: connect from host074125.arnet.net.ar [200.45.74.125] > > postfix/smtpd[6023]: 6937F1673D: > > client=host074125.arnet.net.ar[200.45.74.125] postfix/cleanup[6024]: > > 6937F1673D: message-id=<[EMAIL PROTECTED]> > > postfix/qmgr[31979]: 6937F1673D: from=<[EMAIL PROTECTED]>, size=5880, > > nrcpt=25 (queue active) postfix/smtp[6038]: 6937F1673D: > > to=<[EMAIL PROTECTED]>, relay=mailin-02.mx.aol.com[64.12.136.121], > > delay=7, status=sent (250 OK) > > > > try it, it's a closed relay. there *exists* tls client authentication > > but that would be logged. how the heck can this happen??? > > FWIW, I did try a very basic relay test and received 554 Relay access > denied, though I don't know if that makes you feel more or less sane =) > > It might be worthwhile to get a more thorough probe from orbz.
orbz has shut itself down, see /. article: http://slashdot.org/yro/02/03/20/1528246.shtml?tid=111 > Do all incoming messages (i.e. legitimately relayed for your customers) > look pretty much like that? I mean they show > relay=some.other.mailserver? I'm thinking maybe it was specified via a > percent-hack or something. Orbz should find that if it is the case. I > haven't used postfix, so I can't say where to look. > > good times, > Vineet
