Hello!
I just noticed my servers replies with a 454 (instead of 554) when a bot
checks for an open relay. Here's one exameple:
Mar 10 08:53:46 mx1 postfix/smtpd[16747]: connect from
xxx.fesersglobal.com[45.85.90.xxx]
Mar 10 08:53:51 mx1 postfix/smtpd[16747]: NOQUEUE: reject: RCPT from
xxx.fesersglobal.com[45.85.90.xxx]: 454 4.7.1 <spam...@tiscali.it>: Relay access denied;
from=<spam...@tiscali.it> to=<spam...@tiscali.it> proto=ESMTP helo=<WIN-CLJ1B0GQ6JP>
Mar 10 08:53:52 mx1 postfix/smtpd[16747]: disconnect from
xxx.fesersglobal.com[45.85.90.xxx] ehlo=1 mail=1 rcpt=0/1 rset=1 quit=1
commands=4/5
Relevant config (I believe):
smtpd_client_restrictions =
permit_mynetworks
sleep 5
reject_unauth_pipelining
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_pipelining
# Always permit abuse, postmaster accounts
check_recipient_access hash:/usr/local/etc/postfix/excluded_users
# Always permit trustet ip networks
check_client_access cidr:/usr/local/etc/postfix/ip_access.cidr
# Always permit trusted domains
check_client_access hash:/usr/local/etc/postfix/access
reject_unknown_client_hostname
reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_non_fqdn_recipient
reject_unknown_recipient_domain
reject_unauth_destination
permit
relay_domains = domain1.com domain2.com
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
relayhost = [my.internal.relay.host]
- me
