On 06/19/2013 02:33 PM, Birta Levente wrote:
On 19/06/2013 14:37, lst_ho...@kwsoft.de wrote:
Quoting Andreas Kasenides <andr...@cymail.eu>:
One of my mail servers (postfix 2.6) has been the target of what seems to
me to be an attack.
The attacker tried to deliver messages to non-existent user names
formed as a long hex string. It only happened once from one particular
client and kept going for some time.
SMTP sessions were coming in one every second with three delivery
attempts each.
Here is a fragment of one single session:
Out: 220 prot.xxxx.eu ESMTP Postfix
In: EHLO xxxxxxxxxx
Out: 250-prot.xxxx.eu
Out: 250-PIPELINING
Out: 250-SIZE 10240000
Out: 250-VRFY
You really don't want to enable VRFY on a public mailserver; it only
enables more spammers to abuse you.
Set 'disable_vrfy_command = yes' in main.cf to globally disable it.
Out: 250-ETRN
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In: MAIL FROM:<x...@xx.xxx.xx> SIZE=2881 BODY=7BIT
Out: 250 2.1.0 Ok
In: RCPT TO:<35150aa4c74ba30f04ede17ca25f1...@xxxx.yy
Out: 451 4.3.0 <35150aa4c74ba30f04ede17ca25f1...@xxxx.yy>: Temporary lookup failure
This means postfix attempted to verify if the recipient is valid, but
failed to do so.
Something is broken in your setup; either you have a broken non-hashed
map, or you're misaddressing a networked service like LDAP or SQL.
If *you* never come across this error normally, this is probably a later
entry, for fallback, which you never reach with valid recipients.
As instructed when you joined this list, provide non-verbose logs of one
message, and the output of postconf -n.
All of this should be rejected by 5xx, am I wrong?
By default, yes - IF postfix ever got that far. This is either a name
lookup failure (indicating a problem with DNS), or a map failure,
indicating one of the above.
And I think this temporary lookup failure is not ok....
Show some log...
Yes he should...
--
J...
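A log check for the situation discussed in this thread, as an added example that is not part of the original messages: it scans Postfix smtpd reject lines, counts recipients whose local part is a long hex string per client, and separates 451 "Temporary lookup failure" replies (which point at a broken recipient map) from 5xx rejections. The sample log lines, hosts, addresses and the 20-character hex threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines modelled on Postfix's smtpd reject log format;
# hosts and addresses are documentation placeholders, not values from the thread.
SAMPLE_LOG = """\
Jun 19 14:01:01 prot postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 451 4.3.0 <00112233445566778899aabbccddeeff@example.org>: Temporary lookup failure; from=<a@example.net> to=<00112233445566778899aabbccddeeff@example.org> proto=ESMTP helo=<h1>
Jun 19 14:01:01 prot postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 451 4.3.0 <ffeeddccbbaa99887766554433221100@example.org>: Temporary lookup failure; from=<a@example.net> to=<ffeeddccbbaa99887766554433221100@example.org> proto=ESMTP helo=<h1>
Jun 19 14:01:02 prot postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 451 4.3.0 <0123456789abcdef0123456789abcdef@example.org>: Temporary lookup failure; from=<a@example.net> to=<0123456789abcdef0123456789abcdef@example.org> proto=ESMTP helo=<h1>
Jun 19 14:05:10 prot postfix/smtpd[2107]: NOQUEUE: reject: RCPT from mx.example.com[198.51.100.7]: 550 5.1.1 <typo.user@example.org>: Recipient address rejected: User unknown in local recipient table; from=<b@example.com> to=<typo.user@example.org> proto=ESMTP helo=<mx.example.com>
"""

REJECT = re.compile(
    r"reject: RCPT from \S+\[(?P<ip>[^\]]+)\]: (?P<code>[45]\d\d) \S+ "
    r"<(?P<rcpt>[^>]*)>: (?P<reason>[^;]*);")
HEX_LOCAL = re.compile(r"[0-9a-f]{20,}", re.I)  # assumed threshold: 20+ hex chars


def summarize(log_text):
    """Per client IP: count hex-looking recipients and 4xx vs 5xx replies."""
    stats = defaultdict(Counter)
    for m in REJECT.finditer(log_text):
        local = m["rcpt"].rpartition("@")[0]
        c = stats[m["ip"]]
        c["hex_rcpt"] += bool(HEX_LOCAL.fullmatch(local))
        c["tempfail" if m["code"].startswith("4") else "permfail"] += 1
        c["lookup_failure"] += "Temporary lookup failure" in m["reason"]
    return stats


def findings(log_text, min_hex=3):
    """Flag probing clients and replies that point at a broken lookup map."""
    out = []
    for ip, c in sorted(summarize(log_text).items()):
        if c["hex_rcpt"] >= min_hex:
            out.append((ip, "hex-recipient probe"))
        if c["lookup_failure"]:
            out.append((ip, "451 lookup failure: check recipient maps"))
    return out


if __name__ == "__main__":
    for ip, note in findings(SAMPLE_LOG):
        print(ip, note)
```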