On Sat, Oct 26, 2019 at 6:11 AM Atnakus Arzah <atnakus.ar...@gmail.com> wrote:
> On Sat, Oct 05, 2019 at 11:09:35PM -0700, Patrick Mahan wrote:
> >All,
> >
> >I am trying to understand how I am being a mail relay for (what I believe)
> >are unauthorized users. I have the following postfix config set -
> >
> >smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authentication,
> >reject_unauth_destination
> >
> >mynetworks_style = subnet
> >
> >However, an account seemingly seems to be used as a relay. The user is
> >complaining about seeing tons of MAIL REJECT messages. The logs are
> >showing -
> >
> >Oct 5 00:00:02 ns postfix/smtpd[65859]: BB829A32C24:
> >client=unknown[37.114.181.42], sasl_method=LOGIN, sasl_username=tracy
> >Oct 5 00:00:03 ns postfix/cleanup[65877]: BB829A32C24: message-id=<
> >2c64d5d9-682c-4fe8-e0d9-7c9f071f6...@mahan.org>
> >Oct 5 00:00:03 ns postfix/qmgr[1159]: BB829A32C24: from=<
> >lozroeb...@mahan.org>, size=772, nrcpt=1 (queue active)
> >Oct 5 00:00:04 ns postfix/smtpd[65859]: 56778A32C28:
> >client=unknown[37.114.181.42], sasl_method=LOGIN, sasl_username=tracy
>
> Hazarding a guess here : potentially the sender/spammer has access to the
> sasl credentials of
> tracy?
>
> You could verify whether your postfix MTA is open relay using the following
> tool : https://mxtoolbox.com/diagnostic.aspx
>

Once I reset tracy's login credentials the relaying stopped. It turns out this particular user had used the same password on many websites and had undoubtedly been compromised. I have required that this password remain private to our mail server.

The mxtoolbox reports that the mail server is not an open relay.

Thanks,

Patrick
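
The smtpd lines quoted in this thread (one sasl_username submitting repeatedly from one client) are the signal that separates a compromised account from an open relay. The following is an added example, not part of the original thread: a log check that flags accounts by send rate and by number of source IPs. The thresholds, function names and sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(
    r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: \w+: "
    r"client=\S+?\[([^\]]+)\], sasl_method=\S+, sasl_username=(\S+)$")

def sasl_events(lines, year=2019):
    """Yield (timestamp, username, client_ip); other log lines are skipped."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            mon, day, clock, ip, user = m.groups()
            stamp = f"{year} {mon} {day} {clock}"  # syslog omits the year
            yield datetime.strptime(stamp, "%Y %b %d %H:%M:%S"), user, ip

def suspicious_accounts(lines, max_msgs=3, window=timedelta(minutes=1), max_ips=2):
    """Return {username: [reasons]} for accounts over the rate or source-IP limit."""
    times, ips = defaultdict(list), defaultdict(set)
    for ts, user, ip in sasl_events(lines):
        times[user].append(ts)
        ips[user].add(ip)
    report = {}
    for user, stamps in times.items():
        stamps.sort()
        reasons, start, peak = [], 0, 0
        for end, ts in enumerate(stamps):  # sliding window over send times
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_msgs:
            reasons.append(f"{peak} messages within {window}")
        if len(ips[user]) > max_ips:
            reasons.append(f"{len(ips[user])} distinct client IPs")
        if reasons:
            report[user] = reasons
    return report

# Constructed sample: documentation-range IPs, made-up users and queue IDs.
SAMPLE = """\
Oct  5 00:00:02 ns postfix/smtpd[100]: AAA0000001: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Oct  5 00:00:03 ns postfix/qmgr[99]: AAA0000001: from=<x@example.org>, size=772, nrcpt=1 (queue active)
Oct  5 00:00:04 ns postfix/smtpd[100]: AAA0000002: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Oct  5 00:00:06 ns postfix/smtpd[100]: AAA0000003: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Oct  5 00:00:09 ns postfix/smtpd[100]: AAA0000004: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice
Oct  5 09:15:00 ns postfix/smtpd[101]: BBB0000001: client=host.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=bob
""".splitlines()
print(suspicious_accounts(SAMPLE))
```

The parser expects each smtpd entry on a single line, as it appears in the log file rather than as wrapped by a mail client.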