On Sat, Oct 05, 2019 at 11:09:35PM -0700, Patrick Mahan wrote:
> All,
>
> I am trying to understand how I am being a mail relay for (what I believe)
> are unauthorized users. I have the following postfix config set -
>
> smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authentication,
>     reject_unauth_destination
> mynetworks_style = subnet
>
> However, an account seems to be used as a relay. The user is
> complaining about seeing tons of MAIL REJECT messages. The logs are
> showing -
>
> Oct 5 00:00:02 ns postfix/smtpd[65859]: BB829A32C24: client=unknown[37.114.181.42], sasl_method=LOGIN, sasl_username=tracy
> Oct 5 00:00:03 ns postfix/cleanup[65877]: BB829A32C24: message-id=<2c64d5d9-682c-4fe8-e0d9-7c9f071f6...@mahan.org>
> Oct 5 00:00:03 ns postfix/qmgr[1159]: BB829A32C24: from=<lozroeb...@mahan.org>, size=772, nrcpt=1 (queue active)
> Oct 5 00:00:04 ns postfix/smtpd[65859]: 56778A32C28: client=unknown[37.114.181.42], sasl_method=LOGIN, sasl_username=tracy

Hazarding a guess here: potentially the sender/spammer has access to the SASL
credentials of tracy?

You could verify whether your Postfix MTA is an open relay using the following
tool: https://mxtoolbox.com/diagnostic.aspx

- Atnakus
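
One way to check the compromised-credentials guess above against the mail log, as an added example that is not part of the original thread: it counts authenticated submissions and distinct client IPs per sasl_username, using the smtpd line format quoted in the question. The sample lines, user names, queue IDs and both thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Postfix smtpd logs one such line per message accepted from an authenticated client.
SASL_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"client=(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\], "
    r"sasl_method=(?P<method>[^,\s]+), sasl_username=(?P<user>\S+)"
)

# Constructed sample lines (documentation IP ranges, made-up users and queue IDs).
SAMPLE_LOG = """\
Oct  5 00:00:02 mx postfix/smtpd[101]: A1B2C3D4E01: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Oct  5 00:00:03 mx postfix/cleanup[102]: A1B2C3D4E01: message-id=<constructed-1@example.org>
Oct  5 00:00:04 mx postfix/smtpd[101]: A1B2C3D4E02: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Oct  5 00:00:05 mx postfix/smtpd[101]: A1B2C3D4E03: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Oct  5 00:00:09 mx postfix/smtpd[103]: A1B2C3D4E04: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=alice
Oct  5 08:15:40 mx postfix/smtpd[104]: A1B2C3D4E05: client=mail.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=bob
"""


def summarize_sasl(lines):
    """Count authenticated submissions and distinct client IPs per SASL user."""
    stats = defaultdict(lambda: {"messages": 0, "ips": set()})
    for line in lines:
        m = SASL_RE.search(line)
        if m is None:
            continue  # cleanup/qmgr lines and unauthenticated clients
        stats[m["user"]]["messages"] += 1
        stats[m["user"]]["ips"].add(m["ip"])
    return dict(stats)


def suspicious_accounts(stats, max_messages=3, max_ips=1):
    """Users exceeding either threshold; both defaults are illustrative assumptions."""
    return sorted(
        user for user, s in stats.items()
        if s["messages"] > max_messages or len(s["ips"]) > max_ips
    )


if __name__ == "__main__":
    stats = summarize_sasl(SAMPLE_LOG.splitlines())
    for user in suspicious_accounts(stats):
        s = stats[user]
        print(f"{user}: {s['messages']} messages from {sorted(s['ips'])}")
```

Mail accepted this way is authenticated submission rather than open relaying, so an external open-relay test can pass while a stolen password is still being used to send.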