On Wed, Feb 27, 2013 at 03:10:38PM -0600, Noel Jones wrote:
> On 2/27/2013 2:33 PM, /dev/rob0 wrote:
> > I only saw main.cf and some largely irrelevant logs.
> 
> I was trying to be polite.  That's all I saw too.

I tried to be polite also, but perhaps putting a little less effort 
into it than you did. ;)

Just a note for the archives and for those who tend to fuss with us 
when our replies don't seem sugar-coated enough for your tastes: we 
really DO want to help this poster, and especially to help the 
Internet be rid of some more spam. Jamie is not following directions 
and is wasting our time. This thread has gone on for days, but if 
proper information had been available we would have solved it long 
ago.

> > Do note that your system is ipso facto compromised. We know this 
> > because it is being used by a spammer to send spam. Stop saying 
> > you're not compromised, when we know that you are.
> 
> But we don't know that his system is sending spam; another reason 
> we need to see logs.  There is enough conflicting information here 
> that everything should be verified by evidence.

I was going on the reply to Tom Hendrikx:
        Message-ID: <512ca32d.8030...@mailarchiva.com>
        Date: Tue, 26 Feb 2013 13:57:33 +0200
The logs therein looked decidedly spammy, unlike the other normal 
delivery logs shown.

> I'm inclined to think this is something mundane, such as an
> NDR/bounce triggered by spam from some rDNS "localhost" client or
> maybe a phished local account.  Once those are eliminated as
> possible explanations, we can look for more interesting problems.

Another thing which might help isolate this, which was missing from 
the master.cf in the above-referenced post, would be to use "-o 
syslog_name=postfix/..." on any smtpd instance other than *:smtp. 
Jamie only had a post-amavisd reinjection smtpd, no submission.

(Another good suggestion would be to isolate submission from MX mail, 
but that goes beyond the original problem somewhat.)

> But now I'm guessing, which I berated others for earlier.

:)
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

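The two suggestions above (tag every smtpd instance other than the MX listener with its own syslog_name, and keep submission separate from MX mail) are easier to act on with a concrete master.cf fragment and a look at what the resulting log lines let you do. The following is an added example, not configuration or logs from the thread: the ports, the extra `-o` settings on the submission and reinjection listeners, the host name `mx`, and every log line are constructed for illustration. Note that Postfix appends the process name to the tag, so `-o syslog_name=postfix/submission` logs as `postfix/submission/smtpd`.

```shell
#!/bin/sh
# Added example (not from the original thread). Shows master.cf entries
# that give each non-MX smtpd its own syslog_name, then tallies a
# constructed mail.log excerpt per tag. Ports, the non-syslog_name -o
# settings, the host name and the log lines are assumptions.

# master.cf fragment. The plain "smtp" listener keeps the default tag
# (logs as postfix/smtpd); submission and the post-amavisd reinjection
# listener get their own. content_filter= on the reinjection listener is
# the usual loop guard, included here as an assumed conventional setting.
master_cf_fragment() {
  cat <<'EOF'
# service   type  private unpriv  chroot  wakeup  maxproc command + args
smtp        inet  n       -       n       -       -       smtpd
submission  inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o syslog_name=postfix/amavis
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
EOF
}

# Constructed mail.log excerpt: one MX connection that is rejected, two
# authenticated submissions, and one reinjection from the content filter.
sample_log() {
  cat <<'EOF'
Feb 27 15:10:01 mx postfix/smtpd[1201]: connect from unknown[203.0.113.5]
Feb 27 15:10:02 mx postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable
Feb 27 15:10:05 mx postfix/submission/smtpd[1210]: connect from unknown[198.51.100.7]
Feb 27 15:10:06 mx postfix/submission/smtpd[1210]: 4A1B2C3D: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=jamie
Feb 27 15:10:07 mx postfix/amavis/smtpd[1220]: connect from localhost[127.0.0.1]
Feb 27 15:10:07 mx postfix/amavis/smtpd[1220]: 5E6F7A8B: client=localhost[127.0.0.1]
Feb 27 15:10:09 mx postfix/submission/smtpd[1210]: 9C0D1E2F: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=jamie
EOF
}

# Tally log lines per program tag (field 5, minus the "[pid]:" suffix).
# With distinct tags, a burst of spam shows up under the listener it came
# through instead of blending into postfix/smtpd.
count_by_program() {
  awk '{ prog = $5; sub(/\[.*/, "", prog); n[prog]++ }
       END { for (p in n) print p, n[p] }' | sort
}

# Number of messages accepted ("client=" lines) through one tag.
# A phished account shows up here as many accepts under the submission
# tag for one sasl_username.
accepted_via() {
  tag="$1"
  sample_log | awk -v t="$tag" '{ prog = $5; sub(/\[.*/, "", prog) }
       prog == t && /client=/ { c++ } END { print c + 0 }'
}

# Usage:
#   master_cf_fragment
#   sample_log | count_by_program
#   accepted_via postfix/submission/smtpd
```

On a live system the same tally is `awk '{print $5}' /var/log/mail.log | sed 's/\[.*//' | sort | uniq -c`; without the per-instance syslog_name every listener reports as postfix/smtpd and the breakdown tells you nothing about where the mail entered.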