/dev/rob0 wrote:
Please don't top-post. Thank you.
On Wed March 4 2009 17:10:49 Jim McIver wrote:
Guess I'm confused. I have relay_recipient and recipient_access
files listing only valid users' email addresses for my company.
i.e.
relay_recipients
bg...@lmtribune.com any_value
bi...@lmtribune.com any_value
bjohn...@lmtribune.com any_value
recipient_access
bg...@lmtribune.com permissive
bi...@lmtribune.com permissive
bjohn...@lmtribune.com permissive
This sounds right. You could use the same map for both purposes.
There's nothing magical about "any_value", in fact, the lookup result
for relay_recipient_maps is ignored. So it might as well be
"permissive" or "restrictive" or whatever.
and nothing in virtual_alias_maps. I just seem to be getting hammered
with yahoo.co.jp and wanted to block .co.jp or even .jp.
Putting .jp in access_client, sender_access or
client_access doesn't seem to stop it.
Sorry for my lack of understanding.
Show the logs for the suspicious mailq entries when they first arrived.
Not the smtp(8) logs showing you being blocked by yahoo.co.jp's MX
hosts.
My WAG here: your Postfix configuration is correct, rejecting unknown
recipients, but the @yahoo.co.jp senders originated from your own
server. Compromised HTTP+PHP service?
Here's a snippet from maillog, but not sure if it's what you're looking for:
Mar 4 15:10:13 mail postfix/smtpd[56190]: warning: Illegal address syntax from unknown[113.9.198.198] in MAIL command: bikedev...@yahoo.co.jp
Mar 4 15:10:15 mail postfix/smtpd[56172]: warning: 81.25.227.150: address not listed for hostname mail.medterm.od.ua
Mar 4 15:10:15 mail postfix/smtpd[56172]: connect from unknown[81.25.227.150]
Mar 4 15:10:15 mail postfix/smtpd[56190]: NOQUEUE: reject_warning: RCPT from unknown[113.9.198.198]: 450 Client host rejected: cannot find your hostname, [113.9.198.198]; from=<bikedev...@yahoo.co.jp> to=<odrawh...@dnews.com> proto=SMTP helo=<yahoo.co.jp>
Mar 4 15:10:15 mail postfix/smtpd[56190]: E35C331: client=unknown[113.9.198.198]
Mar 4 15:10:18 mail postfix/cleanup[56217]: E35C331: message-id=<20090304231015.e35c...@mail.lmtribune.com>
Mar 4 15:10:18 mail postfix/qmgr[56169]: E35C331: from=<bikedev...@yahoo.co.jp>, size=966, nrcpt=1 (queue active)
Mar 4 15:10:18 mail postfix/smtp[56178]: E35C331: to=<odrawh...@dnews.com>, relay=127.0.0.1[127.0.0.1], delay=3, status=bounced (host 127.0.0.1[127.0.0.1] said: 557 Invalid routing request - domain in BLACK LIST. (in reply to MAIL FROM command))
Mar 4 15:10:18 mail postfix/cleanup[56175]: 5ABF260: message-id=<20090304231018.5abf...@mail.lmtribune.com>
Mar 4 15:10:18 mail postfix/qmgr[56169]: 5ABF260: from=<>, size=2926, nrcpt=1 (queue active)
Mar 4 15:10:18 mail postfix/qmgr[56169]: E35C331: removed
Mar 4 15:10:19 mail postfix/smtpd[56190]: disconnect from unknown[113.9.198.198]
Mar 4 15:10:20 mail postfix/smtp[56178]: 5ABF260: to=<bikedev...@yahoo.co.jp>, relay=mx1.mail.yahoo.co.jp[124.83.171.181], delay=2, status=bounced (host mx1.mail.yahoo.co.jp[124.83.171.181] said: 553 VS10-RT Possible forgery or deactivated due to abuse (#5.1.1) bikedev...@yahoo.co.jp (in reply to RCPT TO command))
Mar 4 15:10:21 mail postfix/qmgr[56169]: 5ABF260: removed
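
An added example, not part of the original thread: a Python script that groups Postfix log lines by queue ID to show how each queued message first arrived, which is what the reply above asks to see. The sample lines are constructed to mirror the excerpt (addresses, IPs and queue IDs are made up), and `trace` and `classify` are hypothetical helper names.

```python
import re

# Constructed sample modelled on the excerpt above; addresses, IPs and queue IDs are made up.
SAMPLE_LOG = """\
Mar 4 15:10:15 mail postfix/smtpd[56190]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 450 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<sender@example.jp> to=<user@example.com> proto=SMTP helo=<example.jp>
Mar 4 15:10:15 mail postfix/smtpd[56190]: A1B2C3D: client=unknown[192.0.2.10]
Mar 4 15:10:18 mail postfix/qmgr[56169]: A1B2C3D: from=<sender@example.jp>, size=966, nrcpt=1 (queue active)
Mar 4 15:10:18 mail postfix/smtp[56178]: A1B2C3D: to=<user@example.com>, relay=127.0.0.1[127.0.0.1], delay=3, status=bounced (host 127.0.0.1[127.0.0.1] said: 557 Invalid routing request)
Mar 4 15:10:18 mail postfix/qmgr[56169]: E4F5A6B: from=<>, size=2926, nrcpt=1 (queue active)
Mar 4 15:10:20 mail postfix/smtp[56178]: E4F5A6B: to=<sender@example.jp>, relay=mx.example.jp[198.51.100.7], delay=2, status=bounced (host said: 553 Possible forgery)
"""

# Assumes short (hexadecimal) queue IDs, i.e. enable_long_queue_ids is off.
QID_LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)")
WARN_LINE = re.compile(r"NOQUEUE: reject_warning: \w+ from (\S+): ")

def trace(log):
    """Group lines by queue ID; collect clients whose reject was only logged."""
    msgs, warned = {}, set()
    for line in log.splitlines():
        if (w := WARN_LINE.search(line)):
            warned.add(w.group(1))
        elif (m := QID_LINE.search(line)):
            rec = msgs.setdefault(m.group(1), {"client": None, "from": None, "to": {}})
            rest = m.group(2)
            if rest.startswith("client="):
                rec["client"] = rest[len("client="):].split(",")[0]
            elif rest.startswith("from=<"):
                rec["from"] = rest[6:rest.index(">")]
            elif rest.startswith("to=<"):
                status = re.search(r"status=(\w+)", rest)
                rec["to"][rest[4:rest.index(">")]] = status.group(1) if status else None
    return msgs, warned

def classify(log):
    """Label each queued message by how it entered the queue."""
    msgs, warned = trace(log)
    labels = {}
    for qid, rec in msgs.items():
        if rec["client"] is None:  # no smtpd client= line for this queue ID
            labels[qid] = "local bounce" if rec["from"] == "" else "origin not in excerpt"
        elif rec["client"] in warned:  # reject_warning is logged, not enforced
            labels[qid] = "remote client, accepted after reject_warning"
        else:
            labels[qid] = "remote client"
    return labels

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

A message labelled "local bounce" with a null sender is a delivery status notification the server generated itself, so the queue ID to investigate is the one that triggered it.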