i think authentication is not really the issue here.
and a firewall would not do much good in this situation either.
it would if you could identify a set of ips or domains, but if it's completely random there's really no way to block that.
i think you should implement some kind of logrotation and delete old logfiles.
or you could have the logs for postfix go to some other file that's rotated and deleted regularly if you don't want syslog to be deleted.
or you could turn logging off for this kind of thing.
oh. and i'm no guru either.
regards, alexander
Louis LeBlanc wrote:
On 08/27/03 05:52 PM, David sat at the `puter and typed:
Hi gurus,
Sorry if this is a little bit off topic but I'm in deep trouble. I'm running a Postfix server for a couple of domains with just a few users.
The setup is pretty secure (I think) and I don't find any evidence in my logs that I have an open relay. The problem is that I got a LOT of connections from someone that tries to send e-mail to fake users at my domain. The logfile grows at rapid speed and I got 180 MB log just for the last 12 hours.
The connections are from random IP-addresses. It's different
addresses and domains each time, but the pattern is the same.
Example 1:
Aug 27 17:54:44 www postfix/smtpd[10056]: 73D9110F26: reject: RCPT from smtp.terra.es[213.4.129.129]: 550 <[EMAIL PROTECTED]>: User unknown in virtual alias table; from=<> proto=ESMTP helo=<tsmtp8.mail.isp>
Example 2:
Aug 27 17:54:42 www postfix/smtpd[10069]: E2D9910F2E: reject: RCPT from host048021.arnet.net.ar[200.45.48.21]: 550 <[EMAIL PROTECTED]>: User unknown in virtual alias table; from=<> proto=ESMTP helo=<smtp-mx-02.ti.local>
Any idea how to stop this? The server is behind a firewall, so I
guess it's possible to block this bastard, but I don't know how to
nail him.
TIA, /David
Ok, I know you have directed this query to gurus, but I'm gonna present a suggestion anyway.
I'm not familiar with postfix - I run Sendmail myself and I'm hardly a guru there either - but can't you require validation to connect to the server? All users on my system have to validate before being allowed to send mail. Unless I'm mistaken, that prevents outside spammers from connecting like that and sending mail anywhere, inside or out.
HTH
Lou
Spamassassin-talk mailing list https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
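Added example, not part of any poster's message: a short Python script that tallies Postfix "User unknown" rejects by client IP, to check whether the sources are concentrated enough for a firewall rule or as scattered as the thread describes. The log lines are constructed samples in the same format as the two quoted above; the hostnames, addresses and the `summarize` function name are assumptions.

```python
import re
from collections import Counter

# Matches Postfix smtpd RCPT rejects in the format quoted in the thread.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: \w+: reject: RCPT from (?P<host>\S+?)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) <(?P<rcpt>[^>]*)>: (?P<reason>[^;]+); from=<(?P<sender>[^>]*)>"
)

# Constructed sample lines (placeholder hosts, documentation-range IPs).
SAMPLE_LOG = """\
Aug 27 17:54:42 www postfix/smtpd[10069]: E2D9910F2E: reject: RCPT from mx1.example.net[192.0.2.10]: 550 <nobody1@example.com>: User unknown in virtual alias table; from=<> proto=ESMTP helo=<mx1.example.net>
Aug 27 17:54:44 www postfix/smtpd[10056]: 73D9110F26: reject: RCPT from mx2.example.org[198.51.100.7]: 550 <nobody2@example.com>: User unknown in virtual alias table; from=<> proto=ESMTP helo=<mx2.example.org>
Aug 27 17:54:45 www postfix/smtpd[10071]: connect from mx3.example.net[203.0.113.5]
Aug 27 17:54:46 www postfix/smtpd[10071]: A1B2C3D4E5: reject: RCPT from mx3.example.net[203.0.113.5]: 550 <nobody3@example.com>: User unknown in virtual alias table; from=<sender@example.net> proto=ESMTP helo=<mx3.example.net>
Aug 27 17:54:47 www postfix/smtpd[10069]: F6E5D4C3B2: reject: RCPT from mx1.example.net[192.0.2.10]: 550 <nobody1@example.com>: User unknown in virtual alias table; from=<> proto=ESMTP helo=<mx1.example.net>
"""


def summarize(lines):
    """Tally 'User unknown' rejects by client IP, recipient and sender type."""
    clients, rcpts = Counter(), Counter()
    null_sender = 0
    for line in lines:
        m = REJECT_RE.search(line)
        if m is None or "User unknown" not in m["reason"]:
            continue  # not a rejected-recipient line
        clients[m["ip"]] += 1
        rcpts[m["rcpt"].lower()] += 1
        if m["sender"] == "":
            null_sender += 1  # from=<> is the null envelope sender
    return {
        "total": sum(clients.values()),
        "distinct_clients": len(clients),
        "distinct_rcpts": len(rcpts),
        "null_sender": null_sender,
        "top_clients": clients.most_common(3),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

A `distinct_clients` count close to `total` means per-IP firewall rules will not help, and log rotation as suggested in the reply is what limits the disk impact.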