I may have solved it. I hope

Connected to localhost.
Escape character is '^]'.
220 zeus.localhost ESMTP Postfix
helo inmailwetrust.com
250 zeus.localhost
mail from: _www@zeus.localhost
250 2.1.0 Ok
rcpt to:moff_yespas_1...@inmailwetrust.com
450 4.1.8 <_www@zeus.localhost>: Sender address rejected: Domain not found
quit
221 2.0.0 Bye

I added this to main.cf - straight from the documentation.

# Don't talk to mail systems that don't know their own hostname.
# With Postfix < 2.3, specify reject_unknown_hostname.
smtpd_helo_restrictions = reject_unknown_helo_hostname

# Don't accept mail from domains that don't exist.
smtpd_sender_restrictions = reject_unknown_sender_domain

This appears to stop it at the source - my system. Now, as all other outside systems can’t relay through me, and internal accounts that are on the localhost can’t relay - it should be ok… I hope.

> On 23 May 2015, at 10:03, Robert Chalmers <racu...@icloud.com> wrote:
>
> I’ve checked this server against the Relay Test servers about the place and
> it seems to be fine. No Relay allowed. I used a number of test servers around
> the internet.
>
> However, I came in this morning and found a list of attempted spam that has
> somehow been added to the queue. Undelivered, but rejected by the remote
> service, not my server.
>
> I can’t figure out what the configuration is, that will stop this sort of
> spam attempts.
>
> $ telnet mail.myserver.com 25
>
> And what is happening looks like this
>
> zeus:log robert$ telnet 192.168.0.15 25
> Trying 192.168.0.15...
> Connected to zeus.
> Escape character is '^]'.
> 220 zeus.localhost ESMTP Postfix
> helo inmailwetrust.com
> 250 zeus.localhost
> mail from: _www@zeus.localhost
> 250 2.1.0 Ok
> rcpt to: moff_yespas_1...@inmailwetrust.com
> 250 2.1.5 Ok
>
>
> Now, that last response should be
> 554 : Relay access denied
> How do I stop people using my server like this?
>
> Can anyone suggest a solution please.
>
>
>
> The qmgr message looks like this
>
> May 23 07:20:21 zeus.localhost postfix/qmgr[166]: 0AC18AE7532:
> from=<_www@zeus.localhost>, size=1600, nrcpt=1
> (queue active)
>
> and one of the attempted messages looks like this.
>
>
> May 23 00:10:24 zeus.localhost postfix/smtp[10813]: ACF7FAE8961:
> to=<moff_yespas_1...@inmailwetrust.com>, relay=inmailwetrust.com[208.88.226.239]:25,
> delay=79990, delays=79987/1.8/0.99/0.13, dsn=4.0.0, status=deferred (host
> inmailwetrust.com[208.88.226.239] said: 451
> Temporary local problem - please try later (in reply to RCPT TO command))
>
>
> Now, I can’t understand how that is even being sent if the system is not
> relaying anyway?
>
> and what I’d really like to be able to do is block anyone from doing that in
> the first place? Regardless of it failing - I don’t want them to be able to
> do it anyway?
>
> This is my postconf -n output. If it helps
>
>
> zeus:log robert$ postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> biff = no
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb
> $daemon_directory/$process_name $process_id & sleep 5
> default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what]
> blocked using $rbl_domain${rbl_reason?; $rbl_reason} - see http://$rbl_domain.
> dovecot_destination_recipient_limit = 1
> home_mailbox = Mail/Dovecot/
> html_directory = /usr/share/doc/postfix/html
> inet_interfaces = all
> inet_protocols = all
> mail_owner = _postfix
> mailbox_command = /usr/bin/procmail -a "$EXTENSION"
> mailbox_size_limit = 0
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> message_size_limit = 0
> meta_directory = /etc/postfix
> mydestination = localhost mail.$mydomain, www.$mydomain
> mynetworks_style = host
> newaliases_path = /usr/bin/newaliases
> postscreen_access_list = permit_mynetworks,
> cidr:/etc/postfix/postscreen_access.cidr
> postscreen_bare_newline_action = ignore
> postscreen_bare_newline_enable = no
> postscreen_bare_newline_ttl = 30d
> postscreen_blacklist_action = ignore
> postscreen_cache_cleanup_interval = 12h
> postscreen_cache_map = btree:$data_directory/postscreen_cache
> postscreen_cache_retention_time = 7d
> postscreen_client_connection_count_limit =
> $smtpd_client_connection_count_limit
> postscreen_command_count_limit = 20
> postscreen_command_filter =
> postscreen_command_time_limit = ${stress?10}${stress:300}s
> postscreen_disable_vrfy_command = $disable_vrfy_command
> postscreen_discard_ehlo_keyword_address_maps =
> $smtpd_discard_ehlo_keyword_address_maps
> postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
> postscreen_dnsbl_sites = zen.spamhaus.org*3
> bl.mailspike.net*3 b.barracudacentral.org*2 bl.spameatingmonkey.net
> bl.spamcop.net spamtrap.trblspam.com
> dnsbl.sorbs.net=127.0.0.[2;3;6;7;10] ix.dnsbl.manitu.net bl.blocklist.de
> list.dnswl.org=127.0.[0..255].0*-1 list.dnswl.org=127.0.[0..255].1*-2
> list.dnswl.org=127.0.[0..255].[2..3]*-3
> iadb.isipp.com=127.0.[0..255].[0..255]*-2
> iadb.isipp.com=127.3.100.[6..200]*-2 wl.mailspike.net=127.0.0.[17;18]*-1
> wl.mailspike.net=127.0.0.[19;20]*-2
> postscreen_dnsbl_threshold = 3
> postscreen_dnsbl_ttl = 1h
> postscreen_enforce_tls = $smtpd_enforce_tls
> postscreen_expansion_filter = $smtpd_expansion_filter
> postscreen_forbidden_commands = $smtpd_forbidden_commands
> postscreen_greet_action = ignore
> postscreen_greet_banner = $smtpd_banner
> postscreen_greet_ttl = 1d
> postscreen_greet_wait = ${stress?2}${stress:6}s
> postscreen_helo_required = $smtpd_helo_required
> postscreen_non_smtp_command_action = drop
> postscreen_non_smtp_command_enable = no
> postscreen_non_smtp_command_ttl = 30d
> postscreen_pipelining_action = enforce
> postscreen_pipelining_enable = no
> postscreen_pipelining_ttl = 30d
> postscreen_post_queue_limit = $default_process_limit
> postscreen_pre_queue_limit = $default_process_limit
> postscreen_reject_footer = $smtpd_reject_footer
> postscreen_tls_security_level = $smtpd_tls_security_level
> postscreen_use_tls = $smtpd_use_tls
> postscreen_watchdog_timeout = 10s
> queue_directory = /private/var/spool/postfix
> readme_directory = /usr/share/doc/postfix
> recipient_delimiter = +
> sample_directory = /usr/share/doc/postfix/examples
> sendmail_path = /usr/sbin/sendmail
> setgid_group = _postdrop
> shlib_directory = /usr/lib/postfix
> smtp_sasl_auth_enable = no
> smtp_sasl_mechanism_filter = plain
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_use_tls = yes
> smtpd_client_restrictions = check_client_access
> hash:/etc/postfix/access,reject_rbl_client bl.spamcop.net,reject_rbl_client
> sbl-xbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client
> dnsbl.njabl.org,reject_rbl_client zen.spamhaus.org
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/access,
> check_client_access hash:/etc/postfix/access, permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination, check_recipient_access
> hash:/etc/postfix/access, check_relay_domains
> smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
> defer_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_tls_CAfile = /private/etc/ssl/certs/sub.class1.server.ca.pem
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /private/etc/ssl/certs/chalmers.com.au.crt
> smtpd_tls_ciphers = medium
> smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
> smtpd_tls_key_file = /private/etc/ssl/private/chalmers.com.au.key
> smtpd_tls_security_level = may
> smtpd_use_tls = yes
> soft_bounce = no
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /var/mail/vhosts
> virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
> virtual_mailbox_limit = 0
> virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
> virtual_minimum_uid = 100
> virtual_transport = lmtp:unix:private/dovecot-lmtp
> virtual_uid_maps = static:5000
> zeus:log robert$
>
>
>
> and if it’s of any help the doveconf -n output…
>
> zeus:log robert$ sudo doveconf -n
> Password:
> # 2.2.16: /usr/local/etc/dovecot/dovecot.conf
> # OS: Darwin 14.3.0 x86_64 hfs
> auth_debug = yes
> auth_debug_passwords = yes
> auth_mechanisms = plain login
> auth_verbose = yes
> auth_verbose_passwords = plain
> debug_log_path = /var/log/dovecot-debug.log
> default_internal_user = _dovecot
> default_login_user = _dovenull
> info_log_path = /var/log/dovecot-info.log
> log_path = /var/log/dovecot.log
> mail_debug = yes
> mail_location = maildir:/var/mail/vhosts/%d/%n
> mail_max_userip_connections = 30
> mail_privileged_group = mail
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
>   separator = /
> }
> passdb {
>   args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> passdb {
>   args = %s
>   driver = pam
> }
> postmaster_address = postmas...@chalmers.com.au
> service auth-worker {
>   user = vmail
> }
> service auth {
>   executable = /usr/local/libexec/dovecot/auth
>   unix_listener /var/spool/postfix/private/auth {
>     group = _postfix
>     mode = 0600
>     user = _postfix
>   }
>   user = _dovecot
> }
> service imap-login {
>   executable = /usr/local/libexec/dovecot/imap-login
>   inet_listener imap {
>     address = *
>     port = 143
>   }
>   inet_listener imaps {
>     address = *
>     port = 993
>     ssl = yes
>   }
>   process_limit = 128
> }
> service imap {
>   executable = /usr/local/libexec/dovecot/imap
>   process_limit = 128
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = _postfix
>     mode = 0660
>     user = _postfix
>   }
>   unix_listener lmtp {
>     group = _postfix
>     mode = 0600
>     user = _postfix
>   }
> }
> service pop3-login {
>   executable = /usr/local/libexec/dovecot/pop3-login
>   inet_listener pop3 {
>     address = *
>     port = 110
>   }
>   inet_listener pop3s {
>     address = *
>     port = 995
>     ssl = yes
>   }
>   process_limit = 128
> }
> service pop3 {
>   executable = /usr/local/libexec/dovecot/pop3
>   process_limit = 128
> }
> ssl_cert = </etc/ssl/certs/chalmers.com.au.crt
> ssl_key = </etc/ssl/private/chalmers.com.au.key
> ssl_require_crl = no
> userdb {
>   args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
>   driver = static
> }
> userdb {
>   driver = passwd
> }
> verbose_ssl = yes
> protocol lmtp {
>   mail_plugins =
> }
> protocol lda {
>   mail_plugins = " sieve"
>   postmaster_address = postmas...@chalmers.com.au
> }
> zeus:log robert$
>
>
> thanks
>
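
Added example, not part of the original message: one way to see which account is feeding mail into the queue, as with the `_www@zeus.localhost` sender in the log lines quoted above, is to join each queue ID's qmgr `from=` line with its smtp delivery lines. The sample log lines, the example.net/example.com/example.org addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the qmgr and smtp lines quoted in the post.
SAMPLE_LOG = """\
May 23 07:20:21 zeus.localhost postfix/qmgr[166]: 0AC18AE7532: from=<_www@zeus.localhost>, size=1600, nrcpt=1 (queue active)
May 23 07:20:23 zeus.localhost postfix/smtp[10813]: 0AC18AE7532: to=<someone@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=2.1, dsn=4.0.0, status=deferred (host mx.example.net[192.0.2.10] said: 451 Temporary local problem)
May 23 07:21:02 zeus.localhost postfix/qmgr[166]: 1BD29BF8643: from=<user@example.com>, size=900, nrcpt=1 (queue active)
May 23 07:21:03 zeus.localhost postfix/smtp[10814]: 1BD29BF8643: to=<friend@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok)
May 23 07:22:10 zeus.localhost postfix/qmgr[166]: 2CE30C09754: from=<_www@zeus.localhost>, size=1580, nrcpt=1 (queue active)
May 23 07:22:12 zeus.localhost postfix/smtp[10815]: 2CE30C09754: to=<other@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.7, dsn=4.0.0, status=deferred (host mx.example.net[192.0.2.10] said: 451 Temporary local problem)
"""

LINE = re.compile(r"postfix/(?P<svc>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
FROM = re.compile(r"from=<([^>]*)>")
DELIVERY = re.compile(r"to=<([^>]*)>.*?\bstatus=(\w+)")

def outbound_by_sender(log_text):
    """Return {sender: [(queue_id, recipient, status), ...]} for smtp deliveries."""
    sender_of, deliveries = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["svc"] == "qmgr":          # qmgr records the envelope sender
            f = FROM.match(m["rest"])
            if f:
                sender_of[m["qid"]] = f.group(1)
        elif m["svc"] == "smtp":        # smtp is the outbound delivery client
            d = DELIVERY.match(m["rest"])
            if d:
                deliveries.append((m["qid"], d.group(1), d.group(2)))
    report = defaultdict(list)
    for qid, rcpt, status in deliveries:
        report[sender_of.get(qid, "<unknown>")].append((qid, rcpt, status))
    return dict(report)

def local_origin_senders(report, local_hosts):
    """Senders whose domain is one of this machine's own hostnames."""
    return sorted(s for s in report if s.rpartition("@")[2].lower() in local_hosts)

if __name__ == "__main__":
    report = outbound_by_sender(SAMPLE_LOG)
    for sender in local_origin_senders(report, {"zeus.localhost", "localhost"}):
        print(sender, len(report[sender]), "outbound message(s)")
        for qid, rcpt, status in report[sender]:
            print("   ", qid, rcpt, status)
```

A system account on the host's own name, such as `_www`, showing up as the sender of outbound mail points at messages submitted on the machine itself, which `permit_mynetworks` with `mynetworks_style = host` accepts.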