We received an influx of mail today addressed to (probably bogus)
users at the domain 'groupprojects.net'. This domain has the
following MX record:

    groupprojects.net preference = 0, mail exchanger = 0.0.0.0

When we received the message, qmail connected to 0.0.0.0 to deliver
the mail. 0.0.0.0 connects to 127.0.0.1, so qmail ended up connected
to itself. It continued to deliver the message to itself, and because
127. is allowed to relay on my system, the message was accepted. Then
qmail would immediately begin delivering the message to itself again.
Wash, rinse, repeat.
I stopped this from happening by denying connections from 127. in my
TCP rules file for qmail-smtpd. I changed

    127.:allow,RELAYCLIENT="",RBLSMTPD="",DENYMAIL="DNSCHECK"

to

    127.:deny

but this seemed like kind of a kludgey solution.
So I have 2 questions.
1) Is there a better way to do this? Allowing 127. to relay is a
convenient way for me to test. I'd like to be able to null-route
to these addresses in smtproutes instead, but I don't see a way to
do that.
2) Will anything bad happen as a result of blocking SMTP connections
from 127.? I can't think of what this would break, but I've always
had this address allowed to relay before . . .
Thanks,
------ScottG.
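
Added example, not part of the original message: a Python check that flags MX targets which would make the sending host connect to itself, as with the 0.0.0.0 record described above. The function names, the local_addrs parameter and every sample record other than the groupprojects.net one are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: (domain, preference, exchanger address) tuples as a
# resolver might return them. Only the first entry comes from the post.
SAMPLE_MX = [
    ("groupprojects.net", 0, "0.0.0.0"),
    ("example.org", 10, "192.0.2.25"),        # constructed, ordinary remote MX
    ("example.net", 5, "127.0.0.1"),          # constructed, loopback MX
    ("example.com", 5, "::ffff:127.0.0.1"),   # constructed, IPv4-mapped loopback
]


def self_delivery_reason(addr, local_addrs=()):
    """Return why connecting to addr would reach this host, or None if it would not.

    local_addrs is a hypothetical list of this host's own interface addresses,
    supplied by the caller.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    # Unwrap ::ffff:a.b.c.d so the IPv4 checks below apply to it as well.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    if ip.is_unspecified:      # 0.0.0.0 or ::, the case from the post
        return "unspecified"
    if ip.is_loopback:         # 127.0.0.0/8 or ::1
        return "loopback"
    if ip in {ipaddress.ip_address(a) for a in local_addrs}:
        return "local-interface"
    return None


def audit(records, local_addrs=()):
    """Return (domain, address, reason) for every MX that would loop back."""
    findings = []
    for domain, _pref, addr in records:
        reason = self_delivery_reason(addr, local_addrs)
        if reason is not None:
            findings.append((domain, addr, reason))
    return findings


if __name__ == "__main__":
    for domain, addr, reason in audit(SAMPLE_MX):
        print(f"{domain}: MX {addr} would deliver to this host ({reason})")
```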