Thanks for the analysis, Carlos.

Greg
<Intentional top post -- nothing new from me below>

On Mon, Jan 8, 2018 at 4:51 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
On Monday, 2018-01-08 at 13:18 -0500, Greg Freemyer wrote:
And contents of /etc/postfix/main.cf ? Is that file used? What are your smtp recipient restrictions?
I don't think I have any smtp recipient restrictions?
I found copies of some of the original emails, and I was wrong.
They have my domain in the header, so I need a way to block smtp connections except from authorized servers / senders.
A month ago relays were being blocked:
/var/log/mail-20171204.xz:2017-11-24T05:42:32.548951-05:00 cloud1 postfix/smtpd[1427]: NOQUEUE: reject: RCPT from hwsrv-201020.hostwindsdns.com[23.254.203.84]: 454 4.7.1 <1029mandaditos@gmail.com>: Relay access denied; from=<admin@intelligentavatar.net> to=<1029mandaditos@gmail.com> proto=ESMTP helo=<hwsrv-201020.hostwindsdns.com>
admin@intelligentavatar.net is a legit alias on my server. I don't know what rule blocked the relay, but something did a month ago.
Incorrect IP.
This weekend I apparently had 100,000+ emails relayed for that same alias.
I would like to continue to accept email with a to: address of "admin....", but I can safely refuse to relay email for that address.
Blocking that relay will be my immediate fix. I've added:
admin@intelligentavatar.net DISCARD
to my /etc/postfix/access file and run postmap access.
Should that do the job?
The comments in your main.cf explain how it goes - I will add your configured values:
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
You have specified mynetworks as an IP/32, not a name, so that is closed. But a local client would pass. A process at the webserver, for instance.
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
And you have it at default value.
mydestination = $myhostname, localhost.$mydomain
myhostname = cloud1.intelligentavatar.net
mydomain = intelligentavatar.net
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
inet_interfaces = all
proxy_interfaces =
# - destinations that match $mydestination
mydestination = $myhostname, localhost.$mydomain
# - destinations that match $virtual_alias_domains,
virtual_alias_domains = hash:/etc/postfix/virtual
# - destinations that match $virtual_mailbox_domains.
virtual_mailbox_domains = intelligentavatar.net iac-forensics.com
# These destinations do not need to be listed in $relay_domains.
relay_domains = $mydestination
and the contents of "/etc/postfix/relay" are ignored. Safer, but not what was wanted, I guess.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host.
cer@Telcontar:~> host -t MX intelligentavatar.net
intelligentavatar.net mail is handled by 10 cloud1.intelligentavatar.net.
cer@Telcontar:~> host -t MX iac-forensics.com
iac-forensics.com mail is handled by 10 cloud1.intelligentavatar.net.
cer@Telcontar:~> host -t MX cloud1.intelligentavatar.net.
cloud1.intelligentavatar.net has no MX record
cer@Telcontar:~>
# See the
# permit_mx_backup restriction description in postconf(5).
permit_mx_backup_networks =
The possible culprit seems to be that web server, yes. The above seems correct.
Side note: you might want to consider applying some changes from master.cf.rpmnew. It is two years newer.
In the other files you have default values. Nothing of interest that I see there.
--
Cheers,
Carlos E. R.
(from openSUSE 42.2 x86_64 "Malachite" at Telcontar)
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
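
Added example, not written by anyone in this thread: a small Python parser for Postfix smtpd "Relay access denied" lines in the format quoted above, tallying rejects per client IP and picking out those whose envelope sender claims one of the server's own domains. The local domain list is taken from the virtual_mailbox_domains value in the thread; every sample line except the first is constructed, using documentation addresses.

```python
import re
from collections import Counter

# Domains hosted on this server (virtual_mailbox_domains in the thread).
LOCAL_DOMAINS = {"intelligentavatar.net", "iac-forensics.com"}

# Postfix smtpd "Relay access denied" reject, in the format of the quoted log line.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) \S+ <[^>]*>: "
    r"Relay access denied; from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def parse_reject(line):
    """Return the fields of a relay-denied reject line, or None for other lines."""
    m = REJECT_RE.search(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Count rejects per client IP, and rejects whose envelope sender claims a local domain."""
    by_client, local_sender = Counter(), Counter()
    for line in lines:
        rec = parse_reject(line)
        if rec is None:
            continue
        by_client[rec["ip"]] += 1
        if rec["sender"].rpartition("@")[2].lower() in LOCAL_DOMAINS:
            local_sender[(rec["ip"], rec["sender"])] += 1
    return by_client, local_sender

# First line is the one quoted in the thread; the rest are constructed samples
# using documentation addresses (192.0.2.0/24, example.com, example.org).
SAMPLE_LOG = [
    "/var/log/mail-20171204.xz:2017-11-24T05:42:32.548951-05:00 cloud1 postfix/smtpd[1427]: NOQUEUE: reject: RCPT from hwsrv-201020.hostwindsdns.com[23.254.203.84]: 454 4.7.1 <1029mandaditos@gmail.com>: Relay access denied; from=<admin@intelligentavatar.net> to=<1029mandaditos@gmail.com> proto=ESMTP helo=<hwsrv-201020.hostwindsdns.com>",
    "2017-11-24T05:43:01.000000-05:00 cloud1 postfix/smtpd[1430]: connect from unknown[192.0.2.10]",
    "2017-11-24T05:43:02.000000-05:00 cloud1 postfix/smtpd[1430]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 454 4.7.1 <user@example.org>: Relay access denied; from=<someone@example.com> to=<user@example.org> proto=ESMTP helo=<mail.example.com>",
    "2017-11-24T05:43:03.000000-05:00 cloud1 postfix/smtpd[1430]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 454 4.7.1 <user@example.org>: Relay access denied; from=<admin@intelligentavatar.net> to=<user@example.org> proto=ESMTP helo=<mail.example.com>",
]

if __name__ == "__main__":
    by_client, local_sender = summarize(SAMPLE_LOG)
    for ip, n in by_client.most_common():
        print(f"{n:6d} relay rejects from {ip}")
    for (ip, sender), n in local_sender.most_common():
        print(f"{n:6d} with local sender {sender} from {ip}")
```
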