On Tue, 16 Jun 2015 20:45:12 -0700, Viktor Dukhovni
<postfix-us...@dukhovni.org> wrote:
On Tue, Jun 16, 2015 at 08:34:38PM -0700, Jithesh AP wrote:
I tried that, the first line client = ip-172 is the internal/private ip of
my server. So does this mean somehow it is being sent from my server itself?
grep 6CB5841627 /var/maillog
Jun 16 13:21:46 ml postfix/smtpd[19729]: 6CB5841627: client=ip-172-31-5-33.us-west-1.compute.internal[172.31.5.33]
Jun 16 13:21:48 ml postfix/cleanup[22906]: 6CB5841627: message-id=<kflvqedfdosxjjhkebewy...@sfilc.com>
Is that really the machine's own IP address, or that of another
machine on the same subnet? Perhaps you have an insecure PHP or
other web application that sends email via SMTP rather than via
the sendmail(1) command-line.
Or perhaps you've exposed an SMTP proxy-filter or other application
that on some port effectively NATs outside connections to appear
to be local.
Also post the headers of the queued message output by running
as root:
# postcat -hq 0C9B14166A
This may shed some additional light on the message origin.
In the meantime, set "mynetworks = 127.0.0.1", that might
limit further damage.
mynetworks was fully commented, now I have added it as you indicated, but
fully commenting it will also have a similar effect, right?
Would this help anyway? Found while googling:
#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
#smtpd_sender_restrictions = reject_unknown_sender_domain
I had cleared all messages using postsuper -d All, so I don't have that
message. But I checked the logs and saw everything is coming from my IP
itself; it is my private IP and not a subnet one. I will open port 25
again for some time so I can get the info you asked for from new mails.
--
Using Opera's mail client: http://www.opera.com/mail/
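
The log check discussed in this thread, generalized as an added example (not part of the original messages): it tallies Postfix smtpd "client=" entries by origin, to show whether mail is being submitted from the server's own address, from another host on the private subnet, or from outside. Sample lines beyond the thread's excerpt are constructed, and own_addrs is a hypothetical parameter in which the operator lists the server's own IPs.

```python
import ipaddress
import re
from collections import Counter

# Postfix smtpd accept line: "<queue-id>: client=<host>[<ip>][, ... sasl_username=<user>]"
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: [0-9A-Za-z]+: client=[^\[\s]+\[(?P<ip>[^\]]+)\]"
    r"(?:.*?sasl_username=(?P<user>[^,\s]+))?"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(ip, own_addrs):
    """Label a client IP as this-host, private-subnet, external or unparsed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unparsed"
    if addr.is_loopback or ip in own_addrs:
        return "this-host"
    if any(addr in net for net in RFC1918):
        return "private-subnet"
    return "external"

def summarize(lines, own_addrs=()):
    """Count accepted messages per (origin, client IP, SASL user or '-')."""
    own = set(own_addrs)  # assumption: operator supplies the server's own IPs
    counts = Counter()
    for line in lines:
        m = CLIENT_RE.search(line)
        if m:
            counts[(classify(m["ip"], own), m["ip"], m["user"] or "-")] += 1
    return counts

# Constructed sample: the first two lines follow the thread's log excerpt
# (message-id replaced); the other queue IDs, hosts and user are made up.
SAMPLE = """\
Jun 16 13:21:46 ml postfix/smtpd[19729]: 6CB5841627: client=ip-172-31-5-33.us-west-1.compute.internal[172.31.5.33]
Jun 16 13:21:48 ml postfix/cleanup[22906]: 6CB5841627: message-id=<constructed@example.invalid>
Jun 16 13:21:50 ml postfix/smtpd[19729]: 7DA1B41630: client=ip-172-31-5-33.us-west-1.compute.internal[172.31.5.33]
Jun 16 13:22:02 ml postfix/smtpd[19731]: 8EB2C41641: client=ip-172-31-9-12.us-west-1.compute.internal[172.31.9.12]
Jun 16 13:22:10 ml postfix/smtpd[19733]: 9FC3D41652: client=unknown[203.0.113.7], sasl_method=PLAIN, sasl_username=alice
""".splitlines()

if __name__ == "__main__":
    for key, n in summarize(SAMPLE, own_addrs={"172.31.5.33"}).most_common():
        print(n, *key)
```

A large "this-host" count with no SASL user points at something on the server itself connecting over SMTP, which is the case the thread is trying to distinguish from another machine on the subnet.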