On Mon, Jan 11, 2010 at 04:44:23PM -0300, Damian Rivas wrote:
Noel Jones
> >Post logs here if you don't know how to evaluate them.
> >
> >My wild guess is that you have an abused web form, but check
> >the logs before you go running around telling everyone your
> >web server is hacked.
>
> Noel, it's not my web server the problem, or I guess it isn't, it's
> my outgoing mail server that has the problem and it is because I'm
> not finding a way to properly check my valid senders.

Your guess is not correct. The logs we would need to see are ones
where suspected spam arrives. You showed the ones going out, not
useful at all.

> In an incoming mail relay built on Postfix you can build a list of
> valid recipients and reject the invalid ones. Isn't there a similar
> option to validate senders?

Yes, but this is not the problem you are seeing.

> And, is there a way to validate if that sender has come out from my
> network? I was thinking in those two things to stop this.

This is Postfix default behavior.

> Anyway, I'm posting some logs from the mailqueue:
>
> ----
> Jan 11 16:42:43 impcht3 postfix/qmgr[29558]: DC2C94D86B:
> from=<t...@963.net>, size=6006, nrcpt=1 (queue active)

Do you suspect this one is spam? Find when queue ID DC2C94D86B first
appeared in your logs, and the correlated smtpd "Connect from" line
which preceded it, or postfix/pickup line if Noel's guess was right
(I bet it was.) Repeat for one or two other suspects. Post results.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
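
The tracing step described in the reply above, as an added example that is not part of the original thread: it finds the first log line for a queue ID and reports whether the message entered through smtpd (with the preceding "connect from" time for that smtpd process) or through postfix/pickup (local submission, for example a web form calling sendmail). The function names, the host `mx1`, the queue IDs and all log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log (not from the thread): one message received over
# SMTP and one submitted locally through pickup.
sample_log() {
cat <<'EOF'
Jan 11 16:40:01 mx1 postfix/smtpd[3101]: connect from unknown[192.0.2.10]
Jan 11 16:40:02 mx1 postfix/smtpd[3101]: A1B2C3D4E5: client=unknown[192.0.2.10]
Jan 11 16:40:02 mx1 postfix/cleanup[3105]: A1B2C3D4E5: message-id=<1@example.com>
Jan 11 16:40:02 mx1 postfix/qmgr[2955]: A1B2C3D4E5: from=<a@example.com>, size=6006, nrcpt=1 (queue active)
Jan 11 16:41:10 mx1 postfix/pickup[3090]: F6E5D4C3B2: uid=48 from=<apache>
Jan 11 16:41:10 mx1 postfix/cleanup[3105]: F6E5D4C3B2: message-id=<2@example.com>
Jan 11 16:41:10 mx1 postfix/qmgr[2955]: F6E5D4C3B2: from=<apache@example.com>, size=812, nrcpt=1 (queue active)
EOF
}

# trace_origin QUEUE_ID   (log is read from stdin)
# Prints one line:
#   smtpd client=<host[ip]> connected=<timestamp>   received over SMTP
#   pickup uid=<uid>                                 submitted locally
#   unknown                                          first appearance not in this log
trace_origin() {
    awk -v qid="$1" '
        # Remember when each smtpd process last logged "connect from";
        # an smtpd process handles one connection at a time.
        $5 ~ /^postfix\/smtpd\[/ && $6 == "connect" {
            conn[$5] = $1 " " $2 " " $3
            next
        }
        # Only the first line carrying the queue ID says how it was created.
        $6 == (qid ":") && !found {
            found = 1
            if ($5 ~ /^postfix\/smtpd\[/ && $7 ~ /^client=/)
                print "smtpd " $7 " connected=" conn[$5]
            else if ($5 ~ /^postfix\/pickup\[/ && $7 ~ /^uid=/)
                print "pickup " $7
            else
                print "unknown"
        }
        END { if (!found) print "unknown" }
    '
}

sample_log | trace_origin A1B2C3D4E5
sample_log | trace_origin F6E5D4C3B2
```

Against a real log, pipe the file in instead of `sample_log`; an `unknown` result usually means the first appearance is in an older, rotated log.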