Thank you so much for your time. I have removed the line "check_sender_access hash:/etc/postfix/sender_access". Is there anything else I should do?

Thanks Again!
Ryan

Here is my new config file.

biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
header_checks =
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 52428800
mydestination = $myhostname, localhost.$mydomain, localhost, mail2.4nova.net, $mydomain
mydomain = Nova-Mail2.local
mydomain_fallback = localhost
myhostname = Nova-Mail2.local
mynetworks = 74.84.205.0/24,74.95.99.16/28,65.254.210.137,74.84.205.84
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_client_restrictions = hash:/etc/postfix/smtpdreject cidr:/etc/postfix/smtpdreject.cidr permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org reject_rbl_client sbl-xbl.spamhaus.org permit
smtpd_enforce_tls = no
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_pw_server_security_options = none
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit
smtpd_sasl_auth_enable = no
smtpd_tls_CAfile = /etc/certificates/mail2.4nova.net.9F8B16932C4D21BF8CF23A56C69185B969123837.chain.pem
smtpd_tls_cert_file =
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file =
smtpd_tls_loglevel = 0
smtpd_use_pw_server = no
smtpd_use_tls = no
soft_bounce = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_domains = $virtual_alias_maps hash:/etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual_users

On Tue, May 24, 2011 at 4:58 PM, Victor Duchovni <victor.ducho...@morganstanley.com> wrote:

> On Tue, May 24, 2011 at 04:53:26PM -0400, Ryan Buffa wrote:
>
> > Thank you for your input Victor.
> >
> > My sender_access file only contains OK rules no reject rules.
>
> This is wrong. It MUST contain zero OK rules, envelope sender
> addresses are unauthenticated, and forgeries will be relayed.
>
> > Should I just
> > remove the sender_access list? I don't know that it is really helping or
> > that I have it setup properly if it is full of OK instead of REJECT.
> > Do you think this is the culprit to my problem?
>
> It is the cause of your outbound spam problem, so drop it.
>
> >
> > Here is the log search for that ID you noted.
> > May 24 15:59:06 mail2 postfix/smtpd[21216]: 610E03595566: client=unknown[184.82.181.3]
>
> This client is not on your "mynetworks" list.
>
> > May 24 15:59:06 mail2 postfix/cleanup[21219]: 610E03595566: message-id=<201105250351138904...@4nova.net>
> > May 24 15:59:08 mail2 postfix/qmgr[20404]: 610E03595566: from=<hwli...@4nova.net>, size=209340, nrcpt=1 (queue active)
>
> This sender is in your domain, likely listed in the sender lookup table.
>
> > May 24 15:59:08 mail2 postfix/smtp[20897]: 610E03595566: to=<jyfr...@163.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.6, delays=2.4/0/0.01/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=21180-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AA561359557D)
>
> This recipient is remote, so you are relaying spam. The solution is to
> ditch the rule.
>
> > May 24 15:59:08 mail2 postfix/qmgr[20404]: 610E03595566: removed
> >
> > > > mydestination = $myhostname, localhost.$mydomain, localhost,
> > > > mail2.4nova.net, $mydomain
> > >
> > > So 4nova.net is your domain.
> > >
> > > > mynetworks = 74.84.205.0/24, 74.95.99.16/28, 65.254.210.137,
> > > > 74.84.205.84
> > >
> > > And these are your trusted client networks.
> > >
> > > > smtpd_recipient_restrictions =
> > > > permit_sasl_authenticated,
> > > > permit_mynetworks,
> > > > check_sender_access hash:/etc/postfix/sender_access,
> > > > reject_unauth_destination
> > > > permit
> > >
> > > This is broken. DO NOT use "check_sender_access" *above*
> > > reject_unauth_destination. This can create an open-relay with
> > > forged sender addresses. Move the "check_sender_access" below
> > > "reject_unauth_destination" and make sure it only contains "REJECT"
> > > rules (contains no OK rules).
> > >
> > > > May 24 15:59:08 mail2 postfix/smtpd[20542]: AA561359557D: client=localhost[127.0.0.1]
> > >
> > > Wrong queue-id, instead find the logs for "610E03595566:"
> > > which is the upstream for "AA561359557D".
> > >
> > > > May 24 15:59:08 mail2 postfix/smtp[20897]: 610E03595566: to=<jyfr...@163.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.6, delays=2.4/0/0.01/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=21180-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AA561359557D)
>
> --
> Viktor.
>
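The restriction ordering discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of first-match evaluation of smtpd_recipient_restrictions, run against the old list and the corrected one. The sender_access contents, the local-domain set, the addresses and the function names are assumptions constructed for illustration; only the networks, the client IP and the restriction names come from the thread.

```python
import ipaddress

MYNETWORKS = ["74.84.205.0/24", "74.95.99.16/28", "65.254.210.137", "74.84.205.84"]
LOCAL_DOMAINS = {"4nova.net", "mail2.4nova.net"}  # assumed authorized destinations
SENDER_ACCESS = {"4nova.net": "OK"}               # constructed table holding an OK rule

# Old list: check_sender_access sits above reject_unauth_destination.
BROKEN = ["permit_sasl_authenticated", "permit_mynetworks", "check_sender_access",
          "reject_unauth_destination", "permit"]
# New list from the posted config: the sender lookup is gone.
FIXED = ["permit_sasl_authenticated", "permit_mynetworks",
         "reject_unauth_destination", "permit"]

def evaluate(restrictions, client, sender, rcpt, sasl_user=None):
    """Walk the list in order; the first restriction that decides wins.

    Simplified model: only the restrictions named in this thread are handled.
    """
    addr = ipaddress.ip_address(client)
    sender = sender.lower()
    sender_domain = sender.rsplit("@", 1)[1]
    rcpt_domain = rcpt.lower().rsplit("@", 1)[1]
    for name in restrictions:
        if name == "permit_sasl_authenticated" and sasl_user:
            return "PERMIT"
        if name == "permit_mynetworks":
            if any(addr in ipaddress.ip_network(n) for n in MYNETWORKS):
                return "PERMIT"
        if name == "check_sender_access":
            # The envelope sender is whatever the client claims; nothing verifies it.
            action = SENDER_ACCESS.get(sender) or SENDER_ACCESS.get(sender_domain)
            if action in ("OK", "REJECT"):
                return "PERMIT" if action == "OK" else "REJECT"
        if name == "reject_unauth_destination" and rcpt_domain not in LOCAL_DOMAINS:
            return "REJECT"
        if name == "permit":
            return "PERMIT"
    return "PERMIT"

# Constructed message shaped like the logged one: untrusted client, sender
# claiming the local domain, remote recipient.
FORGED = dict(client="184.82.181.3", sender="someone@4nova.net",
              rcpt="user@remote.example")

def compare():
    """Decision for the forged-sender message under each restriction list."""
    return {"broken": evaluate(BROKEN, **FORGED), "fixed": evaluate(FIXED, **FORGED)}

if __name__ == "__main__":
    print(compare())
```

With the old list the OK lookup ends evaluation before reject_unauth_destination is reached; with the new list the same message is rejected, while trusted clients and inbound mail for local recipients are still accepted.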