I'm getting spam messages appearing to be sent remotely from local users.
Here's my log:

Aug 30 11:46:28 ghost postfix/smtpd[26223]: connect from ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]
Aug 30 11:46:30 ghost postfix/smtpd[26223]: 42593163773: client=ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]
Aug 30 11:46:31 ghost postfix/cleanup[26225]: 42593163773: message-id=<20090830094630.42593163...@ghost.emg-systems.com>
Aug 30 11:46:31 ghost postfix/qmgr[21028]: 42593163773: from=<mylocalu...@emg-systems.com>, size=2438, nrcpt=1 (queue active)
Aug 30 11:46:31 ghost amavis[25393]: (25393-11) ESMTP::10024 /var/spool/amavis/tmp/amavis-20090830T075552-25393: <mylocalu...@emg-systems.com> -> <mylocalu...@emg-systems.com> SIZE=2438 Received: from ghost.emg-systems.com

[... here checking by amavis and spam-tagging...]

Aug 30 11:46:37 ghost postfix/cleanup[26225]: AC044163811: message-id=<20090830094630.42593163...@ghost.emg-systems.com>
Aug 30 11:46:37 ghost postfix/qmgr[21028]: AC044163811: from=<mylocalu...@emg-systems.com>, size=3431, nrcpt=1 (queue active)
Aug 30 11:46:37 ghost postfix/smtpd[26229]: disconnect from localhost[127.0.0.1]
Aug 30 11:46:37 ghost amavis[25393]: (25393-11) FWD via SMTP: <mylocalu...@emg-systems.com> -> <mylocalu...@emg-systems.com>, 250 2.6.0 Ok, id=25393-11, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AC044163811
[...]
Aug 30 11:46:38 ghost postfix/lmtp[26232]: AC044163811: to=<mylocalu...@emg-systems.com>, relay=ghost.emg-systems.com[/var/lib/imap/socket/lmtp], delay=0.43, delays=0.12/0.04/0.02/0.25, dsn=2.1.5, status=sent (250 2.1.5 Ok)
Aug 30 11:46:38 ghost postfix/qmgr[21028]: AC044163811: removed

How come my server accepts deliveries of this kind?

Here's my configuration:

ghost:~ # postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
delay_warning_time = 4h
disable_vrfy_command = yes
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = all
inet_protocols = all
local_recipient_maps =
mail_owner = postfix
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = emg-systems.com
myhostname = ghost.emg-systems.com
mynetworks = 127.0.0.1/32, 192.168.1.0/24, 83.16.74.124/30
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_delimiter = +
relay_domains = emg-systems.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
relayhost =
sample_directory = /usr/share/doc/packages/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtpd_client_restrictions = permit_mynetworks,
        reject_unknown_client,
        permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_unknown_helo_hostname, permit
smtpd_recipient_restrictions = permit_sasl_authenticated,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/relay_recipients,
        permit_mynetworks,
        check_relay_domains,
        reject_invalid_hostname,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        reject_unverified_recipient,
        reject_rbl_client dynamic.rbl.tld,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = reject_unknown_sender_domain,
        check_client_access hash:/etc/postfix/helo_bypass,
        reject_non_fqdn_hostname,
        permit
smtpd_tls_CAfile = /etc/mailcert/CA/cacert.pem
smtpd_tls_cert_file = /etc/mailcert/newcert.pem
smtpd_tls_key_file = /etc/mailcert/newreq.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550

rangifer
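
One way to spot deliveries like the one logged above, as an added example that is not part of the original post: the script pairs each queue ID's smtpd `client=` line with its qmgr `from=` line and reports mail that claims a sender in a local domain but arrived from a client outside mynetworks without SASL authentication. The domain and mynetworks values are copied from the postconf output above; the function name and the sample log lines (unwrapped, with a placeholder local part) are constructed for illustration.

```python
import ipaddress
import re

# Copied from the postconf -n output in the post.
LOCAL_DOMAINS = {"emg-systems.com"}
MYNETWORKS = [ipaddress.ip_network(n) for n in
              ("127.0.0.1/32", "192.168.1.0/24", "83.16.74.124/30")]

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S*\[([^\]]+)\](.*)")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")

# Constructed sample: external client, amavis re-injection, SASL-authenticated user.
SAMPLE_LOG = """\
Aug 30 11:46:30 ghost postfix/smtpd[26223]: 42593163773: client=ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]
Aug 30 11:46:31 ghost postfix/qmgr[21028]: 42593163773: from=<someuser@emg-systems.com>, size=2438, nrcpt=1 (queue active)
Aug 30 11:46:37 ghost postfix/smtpd[26229]: AC044163811: client=localhost[127.0.0.1]
Aug 30 11:46:37 ghost postfix/qmgr[21028]: AC044163811: from=<someuser@emg-systems.com>, size=3431, nrcpt=1 (queue active)
Aug 30 11:50:02 ghost postfix/smtpd[26301]: B1C2D3E4F50: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=someuser
Aug 30 11:50:03 ghost postfix/qmgr[21028]: B1C2D3E4F50: from=<someuser@emg-systems.com>, size=900, nrcpt=1 (queue active)
""".splitlines()

def find_spoofed_local_senders(lines):
    """Return (queue_id, client_ip, sender) for mail claiming a local sender
    that came from an unauthenticated client outside mynetworks."""
    clients = {}  # queue id -> (client ip, SASL-authenticated?)
    hits = []
    for line in lines:
        m = CLIENT_RE.search(line)
        if m:
            qid, ip, rest = m.groups()
            clients[qid] = (ip, "sasl_username=" in rest)
            continue
        m = FROM_RE.search(line)
        if not m or m.group(1) not in clients:
            continue
        qid, sender = m.groups()
        ip, authed = clients.pop(qid)  # qmgr may log from= again on retries
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # client field did not contain a parsable address
        trusted = any(addr in net for net in MYNETWORKS)
        domain = sender.rpartition("@")[2].lower()
        if domain in LOCAL_DOMAINS and not trusted and not authed:
            hits.append((qid, ip, sender))
    return hits

if __name__ == "__main__":
    for hit in find_spoofed_local_senders(SAMPLE_LOG):
        print("local sender from untrusted client:", *hit)
```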
