Hi

our main.cf contains

smtpd_client_restrictions =
    check_client_access hash:/etc/postfix/client_rules
    permit_mynetworks
    permit_sasl_authenticated
    reject_rbl_client bl.spamcop.net
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client cbl.abuseat.org

smtpd_sender_restrictions =
    check_policy_service inet:127.0.0.1:10031,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_rhsbl_client dsn.rfc-ignorant.org,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch

smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/protected_destinations,
    check_policy_service inet:127.0.0.1:10031
    check_client_access hash:/etc/postfix/client_rules,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service unix:private/policy
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit_mx_backup,
    reject_unverified_recipient,
    reject

policy_time_limit = 3600

smtpd_end_of_data_restrictions =
    check_policy_service inet:127.0.0.1:10031

parameters. Which parameter causes this?


On Fri, May 30, 2014 at 3:17 PM, Wietse Venema <wie...@porcupine.org> wrote:

> Selcuk Yazar:
> > i think from=<> is empty or unknown, also this message comes from the log
> > 4-5 times per second. we think some kind of attack or malware thing.
>
> It's typical for backscatter spam from MTAs that accept-then-reject.
> See http://www.postfix.org/BACKSCATTER_README.html
>
> > but i'm not sure RCPT from
> > > xedge2.campus.tue.nl[131.155.6.117]
> >
> > ip is real or not ?
>
> The IP address is very likely to be real.
>
> > also the user in from part of log is a driver (no offence), I'm
> > sure he looks at mail once a day, and he is on vacation. :)
>
> That's typical for backscatter spam from MTAs that accept-then-reject.
> See http://www.postfix.org/BACKSCATTER_README.html
>
>         Wietse
>



-- 
Selçuk YAZAR
http://www.selcukyazar.blogspot.com
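
Added example, not part of the original messages: to check the backscatter explanation against the log, this Python script counts rejected RCPT attempts that carry the null sender (from=<>) per client IP, per recipient and per second. The log lines are constructed in the usual Postfix smtpd reject format; host names, addresses and times are placeholders.

```python
import re
from collections import Counter


def _rej(sec, host, ip, rcpt, sender):
    """Build one constructed smtpd reject line (placeholder values only)."""
    return (f"May 30 15:01:{sec} mx postfix/smtpd[2101]: NOQUEUE: reject: "
            f"RCPT from {host}[{ip}]: 450 4.1.1 <{rcpt}>: Recipient address "
            f"rejected: unverified address; from=<{sender}> to=<{rcpt}> "
            f"proto=ESMTP helo=<{host}>")


# Constructed sample input: four null-sender rejects and one ordinary reject.
SAMPLE_LOG = "\n".join([
    "May 30 15:01:02 mx postfix/smtpd[2101]: connect from relay1.example.net[192.0.2.10]",
    _rej("02", "relay1.example.net", "192.0.2.10", "driver@example.org", ""),
    _rej("02", "relay1.example.net", "192.0.2.10", "driver@example.org", ""),
    _rej("02", "relay1.example.net", "192.0.2.10", "driver@example.org", ""),
    _rej("03", "relay2.example.net", "198.51.100.7", "driver@example.org", ""),
    _rej("03", "host.example.com", "203.0.113.5", "other@example.org",
         "someone@example.com"),
])

REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"NOQUEUE: reject: RCPT from (?P<host>\S+?)\[(?P<ip>[^\]]+)\]:.*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)


def summarize(log_text):
    """Tally rejects whose envelope sender is empty (bounce traffic)."""
    clients, rcpts, per_second = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m is None or m["sender"]:
            continue  # not a reject line, or it has a real envelope sender
        clients[m["ip"]] += 1
        rcpts[m["rcpt"]] += 1
        per_second[m["ts"]] += 1  # syslog timestamps have 1-second resolution
    return {"total": sum(clients.values()),
            "peak_per_second": max(per_second.values(), default=0),
            "clients": clients, "recipients": rcpts}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A summary dominated by from=<> rejects aimed at one local address, arriving from mail servers rather than end-user hosts, matches the pattern described in BACKSCATTER_README.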
