On 2016-10-23 Paul van der Vlis wrote: > Op 22-10-16 om 18:23 schreef /dev/rob0: >> The only actual conclusion is that you have failed to put forth the >> necessary information, as Bill [I think] pointed you to the >> http://www.postfix.org/DEBUG_README.html#mail link. > > The problem is that somebody did send spam using port 587 with a not > excisting username, and I am interested how that is possible. > > sigmund:/var/log# postconf -Mf
So you finally decided to show the output of "postconf -Mf" and "saslfinger -s". Good. Now you just need to provide the rest of the information Bill Cole asked of you 2 days ago: - Full output of "postconf -nf". - Full headers of a sample message (you may obfuscate personal information about the recipient). - All log lines associated with that particular message. At the very least the output of "grep <QUEUE_ID> /var/log/mail.log". In case you don't know how to find the queue ID in a log message, it's this part of the log line: <date> <host> postfix/smtpd[<pid>]: 2758BBF4062: ... ^^^^^^^^^^^ And did you already investigate why the authentication backend considers "p...@puk.nl" a valid user, as Noel Jones asked? What did you find out? Without all of the information mentioned above you're just wasting everyone's time. --- Probably unrelated, because the messages in question apparently are received via submission, but still: you may want to disable verbose logging for the smtpd on port 25. Remove the "-v" from this line in master.cf: > smtp inet n - - - - smtpd -v Verbose logging is only required in very specific debugging scenarios and wont do you any good for regular operations or troubleshooting. Regards Ansgar Wiechers