On 2016-10-23 Paul van der Vlis wrote:
> Op 22-10-16 om 18:23 schreef /dev/rob0:
>> The only actual conclusion is that you have failed to put forth the
>> necessary information, as Bill [I think] pointed you to the
>> http://www.postfix.org/DEBUG_README.html#mail link.
>
> The problem is that somebody did send spam using port 587 with a not
> excisting username, and I am interested how that is possible.
>
> sigmund:/var/log# postconf -Mf
So you finally decided to show the output of "postconf -Mf" and
"saslfinger -s". Good. Now you just need to provide the rest of the
information Bill Cole asked of you 2 days ago:
- Full output of "postconf -nf".
- Full headers of a sample message (you may obfuscate personal
information about the recipient).
- All log lines associated with that particular message. At the very
least the output of "grep <QUEUE_ID> /var/log/mail.log".
In case you don't know how to find the queue ID in a log message, it's
this part of the log line:
<date> <host> postfix/smtpd[<pid>]: 2758BBF4062: ...
^^^^^^^^^^^
And did you already investigate why the authentication backend considers
"p...@puk.nl" a valid user, as Noel Jones asked? What did you find out?
Without all of the information mentioned above you're just wasting
everyone's time.
---
Probably unrelated, because the messages in question apparently are
received via submission, but still: you may want to disable verbose
logging for the smtpd on port 25. Remove the "-v" from this line in
master.cf:
> smtp inet n - - - - smtpd -v
Verbose logging is only required in very specific debugging scenarios
and wont do you any good for regular operations or troubleshooting.
Regards
Ansgar Wiechers
