URGENTLY NEED HELP - Postfix relay
I've just noticed in the last two days something has gone horribly wrong with Postfix on SuSE 8.1. My machine has got a massive queue of emails that it is attempting to send to AOL customers that I never sent myself. AOL is refusing connections, so these emails are sitting in the queue.
I've just quickly done a few mail relay tests and all passed. Now I'm not sure if it is due to the spammer being on the same ISP as myself or due to some other problem with Postfix. I had configured it to "Soft Bounce" emails as I've been testing a few things.
How can I remove all these emails from the queue, as it is sending hundreds of requests to AOL's mail servers, and this is probably not a good idea.
Thanks
Adam
Adam Leach wrote:
I've just noticed in the last two days something has gone horribly wrong with Postfix on SuSE 8.1.
Looks like more than one thing went wrong. You keep sending the same email to the list every few minutes.
Avi
On Fri, 2003-09-26 at 22:03, Avi Schwartz wrote:
Adam Leach wrote:
I've just noticed in the last two days something has gone horribly wrong with Postfix on SuSE 8.1.
Looks like more than one thing went wrong. You keep sending the same email to the list every few minutes.
Avi
Sorry about the duplicated message.
The problem appears to be due to Postfix automatically trusting machines on a local network.
My config is two networks. One setup as 10.1.1.1-10.1.1.10, and the other is the ISP/Internet. The machine that was using my email server as a mail relay was on a very close ip address, yet all tests for open relay always said my machine was secure.
However my machine was working as an Open Relay, it was not just receiving bounces as since I've fixed the problem all emails don't mention my domain or ip address, see example.
Sep 26 22:46:15 dev postfix/smtpd[27229]: reject: RCPT from cpc2-glfd2-5-0-cust26.glfd.cable.ntl.com[81.99.191.26]: 554 <brianrad91@aol.com>: Recipient address rejected: Relay access denied; from=<everetth@lowcomdata.net> to=<brianrad91@aol.com>
I have now added the following to /etc/postfix/main.cf that I think fixes the problem.
mynetworks = 10.1.1.0/16, 127.0.0.0/8
At least the spammer on IP address 81.99.191.26 is getting rejected with 554 error.
I suggest checking your setup in case your machines are open as a relay to local machines.
Regards
Adam
On Fri, 2003-09-26 at 17:09, Adam Leach wrote:
The problem appears to be due to Postfix automatically trusting machines on a local network.
My config is two networks. One setup as 10.1.1.1-10.1.1.10, and the other is the ISP/Internet. The machine that was using my email server as a mail relay was on a very close ip address, yet all tests for open relay always said my machine was secure.
However my machine was working as an Open Relay, it was not just receiving bounces as since I've fixed the problem all emails don't mention my domain or ip address, see example.
Sep 26 22:46:15 dev postfix/smtpd[27229]: reject: RCPT from cpc2-glfd2-5-0-cust26.glfd.cable.ntl.com[81.99.191.26]: 554 <brianrad91@aol.com>: Recipient address rejected: Relay access denied; from=<everetth@lowcomdata.net> to=<brianrad91@aol.com>
I have now added the following to /etc/postfix/main.cf that I think fixes the problem.
mynetworks = 10.1.1.0/16, 127.0.0.0/8
At least the spammer on IP address 81.99.191.26 is getting rejected with 554 error.
I suggest checking your setup in case your machines are open as a relay to local machines.
Regards
Adam
I brought this up several weeks ago. The same thing happened to me. There needs to be some sort of patch made to postfix for this. Fine. I finally sent feedback about this. Sigh, dk
Hi,
On Monday 29 September 2003 11:49, David Krider wrote:
On Fri, 2003-09-26 at 17:09, Adam Leach wrote:
I have now added the following to /etc/postfix/main.cf that I think fixes the problem.
mynetworks = 10.1.1.0/16, 127.0.0.0/8
At least the spammer on IP address 81.99.191.26 is getting rejected with 554 error.
With this definition of mynetworks, any user out there with IP = 10.1.xxx.xxx is considered as your network. Is it what you want?
I think it is better 10.1.1.0/28
Guillermo.
--
Guillermo Ballester Valor
Linux user #117181. See http://counter.li.org/
gbv@oxixares.com
http://www.oxixares.com/~gbv/
Ogijares, Granada SPAIN
On Monday 29 September 2003 12.42, Guillermo Ballester Valor wrote:
With this definition of mynetworks, any user out there with IP = 10.1.xxx.xxx is considered as your network. Is it what you want?
10.0.0.0/8 is a private, non-routable network. If anyone can get to your computer from the outside with an ip like that, you (or your ISP) have something seriously misconfigured.
On Monday 29 September 2003 12:51, Anders Johansson wrote:
On Monday 29 September 2003 12.42, Guillermo Ballester Valor wrote:
With this definition of mynetworks, any user out there with IP = 10.1.xxx.xxx is considered as your network. Is it what you want?
10.0.0.0/8 is a private, non-routable network. If anyone can get to your computer from the outside with an ip like that, you (or your ISP) have something seriously misconfigured.
Yes, it is a private network, but some ISPs create a big internal net with this IP range (I know some local cable net doing that), and with this big window the chance of a spammer using your server is not negligible.
Guillermo
--
Guillermo Ballester Valor
Linux user #117181. See http://counter.li.org/
gbv@oxixares.com
http://www.oxixares.com/~gbv/
Ogijares, Granada SPAIN
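The difference between the two masks discussed above, worked through as an added example that is not part of any poster's message. It treats each entry as ordinary CIDR (an assumption; table lookups and "!" exclusions in mynetworks are not handled), and the two 10.x client addresses are constructed for illustration.

```python
import ipaddress

# Values quoted in the thread; the two 10.x client addresses are constructed.
POSTED = "10.1.1.0/16, 127.0.0.0/8"
SUGGESTED = "10.1.1.0/28, 127.0.0.0/8"
CLIENTS = {
    "10.1.1.5": "host on the 10.1.1.1-10.1.1.10 LAN (constructed)",
    "10.1.200.7": "host elsewhere in an ISP-internal 10.x net (constructed)",
    "81.99.191.26": "client from the reject log line",
}

def audit_mynetworks(value):
    """Expand each literal CIDR entry into the address range it covers."""
    report = []
    for entry in value.replace(",", " ").split():
        iface = ipaddress.ip_interface(entry)
        net = iface.network  # host bits masked off, e.g. 10.1.1.0/16 -> 10.1.0.0/16
        report.append({
            "entry": entry,
            "network": net,
            "first": str(net[0]),
            "last": str(net[-1]),
            "addresses": net.num_addresses,
            # True when the written address is not the real start of the block
            "host_bits_set": iface.ip != net.network_address,
        })
    return report

def is_trusted(client_ip, value):
    """True if client_ip falls inside any entry of the mynetworks value."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in row["network"] for row in audit_mynetworks(value))

def compare(values=(POSTED, SUGGESTED), clients=CLIENTS):
    """Map each mynetworks value to {client_ip: trusted?}."""
    return {v: {ip: is_trusted(ip, v) for ip in clients} for v in values}

if __name__ == "__main__":
    for value in (POSTED, SUGGESTED):
        print(f"mynetworks = {value}")
        for row in audit_mynetworks(value):
            note = "  <- host bits set" if row["host_bits_set"] else ""
            print(f"  {row['entry']:<14} {row['first']} - {row['last']}"
                  f" ({row['addresses']} addresses){note}")
        for ip, label in CLIENTS.items():
            verdict = "trusted" if is_trusted(ip, value) else "not trusted"
            print(f"    {ip:<13} {verdict:<12} {label}")
```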
Guillermo Ballester Valor wrote:
Hi,
On Monday 29 September 2003 11:49, David Krider wrote:
On Fri, 2003-09-26 at 17:09, Adam Leach wrote:
I have now added the following to /etc/postfix/main.cf that I think fixes the problem.
mynetworks = 10.1.1.0/16, 127.0.0.0/8
At least the spammer on IP address 81.99.191.26 is getting rejected with 554 error.
With this definition of mynetworks, any user out there with IP = 10.1.xxx.xxx is considered as your network. Is it what you want?
I think it is better 10.1.1.0/28
Guillermo.
On my server (SLOX), I have in mynetworks: 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24 ...... 192.168.9.0/24, but if I open port 25 from the internet (on another adapter), my server is used by spammers to relay. What can I do?
--
A free press is the great enemy of dictators. Regardless of its abuses, its weaknesses, its errors, a free press is the great ally and defender of democracy.
Charlos S. Shapiro, US Ambassador to the Rep. of Venezuela
Tuesday, 20 May 2003
participants (6)
- Adam Leach
- Anders Johansson
- Avi Schwartz
- David Krider
- Guillermo Ballester Valor
- Hipolito A. Gonzalez M.