On Tue, Apr 06, 2010 at 08:11:02AM -0600, Josh Cason wrote:
> When I built the server after doing tons of research. (the old
> servers ran sendmail and I didn't have a hand in setting them up.)
> pop-before-smtp worked great for customers outside the network.

At best, pop-before-smtp is an ugly kludge. It is not truly 
implemented as a feature of any MUA I know; the user simply has to 
remember to check mail before hitting "send".

> If I disabled pop-before-smtp they would not work. Just internal
> users. So without any changes to the outside world in their
> e-mail clients. As long as they had a proper username / password
> it worked great.

Sometimes there is no way to avoid making changes in the outside 
world. Your site sounds way overdue for SASL AUTH.

> My e-mail server worked great for 1 year before (I assume 
> this new type of spam) started showing up in my server.

What "new type of spam" is this? I think there is no such thing. You 
need to show NON-VERBOSE logs of this "new spam" coming in.

Others have told you that. You are not complying. Why not?

> Now for about 1 year I have been adding and trying different 
> configurations to get rid of it. Seems to be a partial open
> relay.

A whole YEAR of relaying spam? That is shameful.

You mention the "open relay" phrase, and that brings to mind one 
possible WAG I can share with you. Perhaps a year ago you changed 
your router upstream from your Postfix.

If the router is doing destination NAT inbound to the Postfix, it 
MUST *NOT* also do source NAT on those connections.

Example:
        Router external IP: 192.0.2.25
        Router internal IP: 192.168.2.254
        Postfix (internal-only) IP: 192.168.2.25

1. Router receives connection to 192.0.2.25:25 (inbound mail/spam)
2. Router changes (masquerades) the source IP to 192.168.2.254
3. Router passes NAT'ed connection through to 192.168.2.25:25
4. Postfix at 192.168.2.25 sees the connection as coming from the
   Router, 192.168.2.254

This is one of very few ways that Postfix can unintentionally become
an open relay, and note, the problem and solution are external to 
Postfix.

If this guess is right, you CANNOT use pop-before-smtp unless the 
router is fixed or replaced by something sane. Whenever ANY user 
authenticates with POP3, from anywhere, you are an open relay until 
whatever timeout you have set for the pop-before-smtp.

It is very much like playing Russian roulette with email. Unsafe.

> I don't know what it is caused by and I'm trying my best to spot
> or give all you helpful people information needed to squash this.
> I can't thank you enough once again for help.

You need to show NON-VERBOSE logs of this spam coming in. Nothing 
beyond wild guesses will be possible until you heed that.

> In this area I'm alone and don't have any help. Most people 
> suggested paying a service to host e-mail and I'm like that is 
> stupid. But now with my spare time involved in this. I question 
> that.

Indeed. Mail administration is very challenging, and to be quite 
frank, you are not showing any aptitude for the job. I think the 
suggestion is a very good one. Not everyone can be a postmaster. 
Those who succeed worked at it, very hard.

Google Apps will do email hosting for free. (No, they probably will
not support pop-before-smtp, nor should they.) 

> But I have two problems with spam and this is a pretty big
> problem. If I could squash it. Then my e-mail server would be
> close to perfect. Not perfect because I was the only one knowing 
> linux and setup other linux projects that work great. Like routers, 
> and what not. Just not so good at e-mail.

If my guess was right, you're not so good at routers, either.
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

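One way to check non-verbose smtpd logs for the source-NAT symptom described in the message above. This is an added example, not part of the original post. The router address comes from the message's example; the LAN prefix, the log excerpts, and the rule "router seen as client and no client from outside the LAN" are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

ROUTER_INTERNAL_IP = "192.168.2.254"          # from the example in the message
LAN = ipaddress.ip_network("192.168.2.0/24")  # assumed LAN prefix for those addresses

# Matches Postfix smtpd lines such as "... postfix/smtpd[2101]: connect from name[addr]"
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from \S+\[([0-9A-Fa-f.:]+)\]")

# Constructed log excerpts (documentation addresses stand in for Internet hosts).
NATTED_LOG = """\
Apr  6 08:01:12 mail postfix/smtpd[2101]: connect from unknown[192.168.2.254]
Apr  6 08:01:40 mail postfix/smtpd[2104]: connect from unknown[192.168.2.254]
Apr  6 08:02:03 mail postfix/smtpd[2107]: connect from desk1.example.com[192.168.2.10]
Apr  6 08:02:31 mail postfix/smtpd[2110]: connect from unknown[192.168.2.254]
"""
HEALTHY_LOG = """\
Apr  6 08:01:12 mail postfix/smtpd[2101]: connect from mx.example.net[198.51.100.7]
Apr  6 08:01:40 mail postfix/smtpd[2104]: connect from unknown[203.0.113.9]
Apr  6 08:02:03 mail postfix/smtpd[2107]: connect from desk1.example.com[192.168.2.10]
"""

def smtp_clients(log_text):
    """Count smtpd 'connect from' events per client IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = CONNECT_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def diagnose(log_text, router_ip=ROUTER_INTERNAL_IP, lan=LAN):
    """Flag the symptom: the router is an SMTP client and no client is outside the LAN."""
    counts = smtp_clients(log_text)
    outside = sum(n for ip, n in counts.items() if ipaddress.ip_address(ip) not in lan)
    from_router = counts.get(router_ip, 0)
    return {
        "connections": sum(counts.values()),
        "from_router": from_router,
        "from_outside_lan": outside,
        "source_nat_suspected": from_router > 0 and outside == 0,
    }

if __name__ == "__main__":
    for name, log in (("natted", NATTED_LOG), ("healthy", HEALTHY_LOG)):
        print(name, diagnose(log))
```

A server that accepts Internet mail should log public client addresses; a log in which inbound connections only ever come from the gateway's inside address points at the router, not at Postfix.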