On 2016-10-23 Paul van der Vlis wrote:
> Op 22-10-16 om 18:23 schreef /dev/rob0:
>> The only actual conclusion is that you have failed to put forth the 
>> necessary information, as Bill [I think] pointed you to the 
>> http://www.postfix.org/DEBUG_README.html#mail link.
>
> The problem is that somebody did send spam using port 587 with a not
> excisting username, and I am interested how that is possible.
>
> sigmund:/var/log# postconf -Mf

So you finally decided to show the output of "postconf -Mf" and
"saslfinger -s". Good. Now you just need to provide the rest of the
information Bill Cole asked of you 2 days ago:

- Full output of "postconf -nf".
- Full headers of a sample message (you may obfuscate personal
  information about the recipient).
- All log lines associated with that particular message. At the very
  least the output of "grep <QUEUE_ID> /var/log/mail.log".

  In case you don't know how to find the queue ID in a log message, it's
  this part of the log line:

  <date> <host> postfix/smtpd[<pid>]: 2758BBF4062: ...
                                      ^^^^^^^^^^^

And did you already investigate why the authentication backend considers
"p...@puk.nl" a valid user, as Noel Jones asked? What did you find out?

Without all of the information mentioned above you're just wasting
everyone's time.

---

Probably unrelated, because the messages in question apparently are
received via submission, but still: you may want to disable verbose
logging for the smtpd on port 25. Remove the "-v" from this line in
master.cf:

> smtp       inet  n       -       -       -       -       smtpd -v

Verbose logging is only required in very specific debugging scenarios
and wont do you any good for regular operations or troubleshooting.

Regards
Ansgar Wiechers

Reply via email to