>>>On Mon, Jan 11, 2010 at 06:15:21PM -0300, Damian Rivas wrote:
>
>> mynetworks = 127.0.0.0/8, 200.55.14.248/29, 190.210.52.88/29
>
>
>These are the hosts allowed to relay. Don't mung the IP addresses.

snip

>> All mailing incomes seem to come from ns1.cht.com.ar, which is a
>> gateway for the internal mail server, this is by the way, where

>ns1.cht.com.ar. 3600 IN A 200.55.14.250

>Indeed, this host is in your $mynetworks. Exclude it using the "!"
>syntax, see example at postconf.5.html#mynetworks .

I cannot exclude that address, it is one of the two gateways the users in the organization use, I fixed the problem with another solution.

>> they are normally sent. There were no smtpd outputs before because
>> the Spam was cycling and there was no room for any new mail. (I
>> deleted all the spammer mails, of course they keep coming).

>Stop this at once! The ongoing abuse has probably gotten you
>blacklisted. The sooner you stop it, the better your chances of
>repairing the damage.

Yeah, yesterday I immediately stopped the Postfix system as well as the internal server Outgoing queue while searching for a way to get out of that situation, fortunately we were apparently only banned by Yahoo!, gotta check Hotmail. I've checked the host's IP on mxtoolbox today and we were not blacklisted anywhere. Luckily it was not harmful enough to rotten the host. :)

>> But now, at this precise moment, I'm watching a lot of junk being
>> generated on the server so, there is the source of the problem, I
>> have a worm on my internal web server, no postfix issue.

>Another possibility, as you mentioned that this is the gateway for
>Postfix, is that it has a misconfigured firewall that is doing both
>source and destination NAT of port 25 to your Postfix. I just tested
>this, and was unable to connect to 200.55.14.250:25, so if that was
>the case, it is probably fixed now.

Yeah, I've figured out that the problem was a Firewall vulnerability issue, port 25 was open to anyone. I've fixed that and problem solved!

Thanks to you all for your help and my apologies because it was not a Postfix issue at all,

Regards,

Damián
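
An added example, not part of the original thread and not Postfix code: a simplified Python model of the left-to-right, first-match evaluation that the Postfix documentation describes for mynetworks, including the "!" exclusion syntax mentioned above. It uses the mynetworks value and gateway address quoted in the thread; it handles only literal addresses and CIDR blocks (no file or table lookups), and 192.0.2.10 is a constructed outside address.

```python
import ipaddress

# Value of mynetworks as quoted in the thread.
MYNETWORKS = "127.0.0.0/8, 200.55.14.248/29, 190.210.52.88/29"
# Gateway address from the DNS answer quoted in the thread.
GATEWAY = "200.55.14.250"


def parse_patterns(value):
    """Split a mynetworks-style value into (negated, network) pairs."""
    patterns = []
    for item in value.replace(",", " ").split():
        negated = item.startswith("!")
        # A bare address becomes a /32 (or /128) network.
        net = ipaddress.ip_network(item.lstrip("!"), strict=False)
        patterns.append((negated, net))
    return patterns


def is_trusted(client_ip, value):
    """Match left to right and stop at the first hit.

    A hit on a "!" pattern means the client is NOT treated as trusted.
    No hit at all also means not trusted.
    """
    addr = ipaddress.ip_address(client_ip)
    for negated, net in parse_patterns(value):
        if addr in net:
            return not negated
    return False


if __name__ == "__main__":
    # Constructed test cases: (label, client address, mynetworks value).
    cases = [
        ("gateway, original setting", GATEWAY, MYNETWORKS),
        ("gateway, exclusion listed first", GATEWAY,
         "!200.55.14.250, " + MYNETWORKS),
        ("gateway, exclusion listed last", GATEWAY,
         MYNETWORKS + ", !200.55.14.250"),
        ("neighbour in same /29", "200.55.14.249",
         "!200.55.14.250, " + MYNETWORKS),
        ("outside address (constructed)", "192.0.2.10", MYNETWORKS),
    ]
    for label, ip, value in cases:
        print(f"{label:35s} trusted={is_trusted(ip, value)}")
```

Because the first match wins, an exclusion only takes effect when it appears before the block that contains the address; with the original setting, any connection that reaches Postfix with the gateway's source address is inside 200.55.14.248/29 and is allowed to relay.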