On Sat, Oct 26, 2019 at 6:11 AM Atnakus Arzah <atnakus.ar...@gmail.com>
wrote:

> On Sat, Oct 05, 2019 at 11:09:35PM -0700, Patrick Mahan wrote:
> >All,
> >
> >I am trying to understand how I am being a mail relay for (what I believe)
> >are unauthorized users.  I have the following postfix config set -
> >
> >smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authentication,
> >reject_unauth_destination
> >
> >mynetworks_style = subnet
> >
> >However, an account seemingly seems to be used as a relay.  The user is
> >complaining about seeing tons of MAIL REJECT messages.  The logs are
> >showing -
> >
> >Oct  5 00:00:02 ns postfix/smtpd[65859]: BB829A32C24:
> >client=unknown[37.114.181.42], sasl_method=LOGIN, sasl_username=tracy
> >Oct  5 00:00:03 ns postfix/cleanup[65877]: BB829A32C24: message-id=<
> >2c64d5d9-682c-4fe8-e0d9-7c9f071f6...@mahan.org>
> >Oct  5 00:00:03 ns postfix/qmgr[1159]: BB829A32C24: from=<
> >lozroeb...@mahan.org>, size=772, nrcpt=1 (queue active)
> >Oct  5 00:00:04 ns postfix/smtpd[65859]: 56778A32C28:
> >client=unknown[37.114.181.42], sasl_method=LOGIN, sasl_username=tracy
>
> Hazarding a guess here : potentially the sender/spammer has access to the
> sasl credentials of
> tracy?
>
> You could verify whether your postfix MTA is open relay using the following
> tool : https://mxtoolbox.com/diagnostic.aspx
>
>
Once I reset tracy's login credentials the relaying stopped.  It turns out
this particular user had used the same password on many websites and had
undoubtedly been compromised.  I have required that this password remain
private to our mail server.

The mxtoolbox reports that the mail server is not an open relay.

Thanks,

Patrick

Reply via email to