On 5/23/2015 4:03 AM, Robert Chalmers wrote:
> I’ve checked this server against the Relay Test servers about the
> place and it seems to be fine. No Relay allowed. I used a number of
> test servers around the internet.
>
> However, I came in this morning and found a list of attempted spam
> that has somehow been added to the queue. Undelivered, but rejected
> by the remote service, not my server.
>
> I can’t figure out what the configuration is, that will stop this
> sort of spam attempts.
>
> $ telnet mail.myserver.com <http://mail.myserver.com> 25
>
> And what is happening looks like this
>
> zeus:log robert$ telnet 192.168.0.15 25
> Trying 192.168.0.15...
> Connected to zeus.
> Escape character is '^]'.
> 220 zeus.localhost ESMTP Postfix
> helo inmailwetrust.com <http://inmailwetrust.com>
> 250 zeus.localhost
> mail from: _www@zeus.localhost <mailto:www@zeus.localhost>
> 250 2.1.0 Ok
> rcpt to: moff_yespas_1...@inmailwetrust.com
> <mailto:moff_yespas_1...@inmailwetrust.com>
> 250 2.1.5 Ok
>
> Now, that last response should be
>
> 554 : *Relay access denied*
>
> How do I stop people using my server like this?
>
> Can anyone suggest a solution please.

The above test is only valid if you perform it from a computer that
is not listed in mynetworks.

> The qmg message looks like this
>
> *May 23 07:20:21 zeus.localhost postfix/qmgr[166]: 0AC18AE7532:
> from=<_www@zeus.localhost <mailto:www@zeus.localhost>>, size=1600,
> nrcpt=1 (queue active)*

This looks more like an abused web form than an open mail relay.
Check all the log entries for queue ID 0AC18AE7532 to see where it
enters your system from.

...

> This is my postconf -n output. If it helps
>
> zeus:log robert$ postconf -n
> mailbox_size_limit = 0
> message_size_limit = 0

Better to use a very high limit rather than no limit.

> smtpd_client_restrictions = check_client_access
> hash:/etc/postfix/access,reject_rbl_client bl.spamcop.net
> <http://bl.spamcop.net>,reject_rbl_client sbl-xbl.spamhaus.org
> <http://sbl-xbl.spamhaus.org>,reject_rbl_client cbl.abuseat.org
> <http://cbl.abuseat.org>,reject_rbl_client dnsbl.njabl.org
> <http://dnsbl.njabl.org>,reject_rbl_client zen.spamhaus.org
> <http://zen.spamhaus.org>

The HTML markup makes your post hard to read. Please use plain text
only.

> smtpd_helo_required = yes
> smtpd_recipient_restrictions = check_sender_access
> hash:/etc/postfix/access, check_client_access
> hash:/etc/postfix/access,

This access list is an opportunity for a sender or client dependent
open relay. Any "permit" or "OK" results in this file can be
dangerous.
http://www.postfix.org/SMTPD_ACCESS_README.html#danger

> permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,

Good.

> check_recipient_access hash:/etc/postfix/access, check_relay_domains

check_relay_domains is deprecated. Please remove it from your config.

> smtpd_relay_restrictions = permit_mynetworks,
> permit_sasl_authenticated, defer_unauth_destination

Excellent, you have the smtpd_relay_restrictions safety net. It's
highly unlikely your postfix is an open relay, regardless of any
possible mistakes in your sender|client access list.

I suggest changing defer_unauth_destination to
reject_unauth_destination.

This means it's also very likely the source of your spam is an abused
web form.

> smtpd_tls_security_level = may

Good.

> smtpd_use_tls = yes

Deprecated, use smtpd_tls_security_level instead.

-- Noel Jones
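
Added example, not part of the original message: one way to follow the advice to check every log entry for a queue ID and see where the message entered Postfix, via smtpd (a network client) or via pickup (local submission, as a web form calling sendmail would produce). Only the qmgr line comes from the thread; the other log lines, the uid, the addresses and the second queue ID are constructed, and short (hexadecimal) queue IDs are assumed.

```python
import re

# Constructed sample log. Only the qmgr line for 0AC18AE7532 is from the
# thread (HTML residue removed); every other line and value is invented.
SAMPLE_LOG = """\
May 23 07:20:21 zeus.localhost postfix/pickup[412]: 0AC18AE7532: uid=70 from=<_www>
May 23 07:20:21 zeus.localhost postfix/cleanup[415]: 0AC18AE7532: message-id=<20150523062021.0AC18AE7532@zeus.localhost>
May 23 07:20:21 zeus.localhost postfix/qmgr[166]: 0AC18AE7532: from=<_www@zeus.localhost>, size=1600, nrcpt=1 (queue active)
May 23 07:20:23 zeus.localhost postfix/smtp[420]: 0AC18AE7532: to=<user@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=2.1, status=bounced (host mx.example.net[198.51.100.7] said: 550 rejected)
May 23 07:21:02 zeus.localhost postfix/smtpd[431]: 1B2C3D4E5F6: client=unknown[203.0.113.9]
May 23 07:21:02 zeus.localhost postfix/qmgr[166]: 1B2C3D4E5F6: from=<a@example.org>, size=900, nrcpt=1 (queue active)
"""

# "postfix/<daemon>[pid]: <QUEUEID>: <rest>" (assumes short hex queue IDs)
LINE_RE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")

def trace(log_text, queue_id):
    """Return (daemon, detail) for every log line carrying queue_id, in order."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("qid") == queue_id:
            events.append((m.group("daemon"), m.group("rest")))
    return events

def entry_point(log_text, queue_id):
    """Classify how the message entered Postfix: network client or local uid."""
    for daemon, rest in trace(log_text, queue_id):
        if daemon == "smtpd":
            m = re.match(r"client=([^,\s]+)", rest)
            if m:  # arrived over SMTP from this client
                return {"via": "smtp", "client": m.group(1)}
        if daemon == "pickup":
            m = re.match(r"uid=(\d+)", rest)
            if m:  # submitted locally (sendmail command) by this Unix uid
                return {"via": "local", "uid": int(m.group(1))}
    return {"via": "unknown"}

if __name__ == "__main__":
    for qid in ("0AC18AE7532", "1B2C3D4E5F6"):
        print(qid, entry_point(SAMPLE_LOG, qid))
```

A "local" result with the web server's uid points at a script or form on the host rather than at relaying through smtpd.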