Ivan Ricotti wrote:
Hi,
thanks for your reply.
Brian Evans - Postfix List wrote:
Look a few lines above this. Why did you accept mail for a non-existent
user?
But I do *not* accept mail for non-existent users:
Mar 26 09:27:11 athene postfix/smtpd[29704]: NOQUEUE: reject: RCPT from
mail02.mail.esat.net[193.120.142.82]: 450 4.1.1
<3f6f17ca.813b5...@elabor.homelinux.org>: Recipient address rejected:
undeliverable address: unknown user:
"3f6f17ca.813b5...@elabor.homelinux.org"; from=<mem...@ebay.it>
to=<3f6f17ca.813b5...@elabor.homelinux.org> proto=ESMTP
helo=<mail02.mail.esat.net>
Did it arrive via smtpd or pickup? Where did it arrive from?
The above is the result of a postfix
reject_unverified_recipient check. The double_bounce entries
you see are address probes. In other words, these are not in
any way related to your problem.
Since you so far haven't shown anything remotely suspicious in
your postfix config or logs, most likely you have some virus
infected client machines that are sending mail direct to the
recipient's MX - *not* relaying through your postfix.
The first thing you must do is make sure that your border
firewall or router prevents outgoing connections to
destination port 25 for everyone except your postfix box.
Then at least an infected machine can't spew its payload.
(A better design is to have a separate IP for "official" mail
and another IP used for client internet access. Then client
misbehavior doesn't affect the mail system. of course that
means you must have more than one IP...)
Once you stop the garbage with your firewall, you can then use
firewall logs or a network sniffer to see what IP is trying to
send mail. Look for connections to destination port 25 that
don't originate from your postfix box.
At this point, your problem doesn't appear to be a postfix
problem, nor something that can be addressed in postfix.
-- Noel Jones
