<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
You might want to use this tool here:<br>
<br>
<a class="moz-txt-link-freetext" href="http://mxtoolbox.com/SuperTool.aspx">http://mxtoolbox.com/SuperTool.aspx</a><br>
<br>
to check your IP. Click on the button to change the check type to
blacklist.<br>
<br>
<div class="moz-cite-prefix">On 9/3/2014 8:40 AM, Chip Atkinson
wrote:<br>
</div>
<blockquote
cite="mid:alpine.LRH.2.11.1409030837020.2752@tedward.pupman.com"
type="cite">Thanks for that information. It looks like a good set
of restrictions to put in place. When scrutinizing my config
files further I did discover that the server was misconfigured and
the source of the problem was "backscatter", where a spammer will
connect saying they are from hotmail or whatever, and my server
would dutifully contact hotmail saying no such user. That problem
is fixed. I'll put these in place to further tighten things up.
<br>
<br>
Chip
<br>
<br>
<br>
On Wed, 3 Sep 2014, George Sexton wrote:
<br>
<br>
<blockquote type="cite">A reasonable smtpd_sender_restrictions
would be:
<br>
<br>
smtpd_sender_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_non_fqdn_sender
<br>
,reject_unknown_sender_domain,reject_rbl_client
zen.spamhaus.org,permit
<br>
<br>
<br>
<br>
On 9/1/2014 12:59 PM, Chip Atkinson wrote:
<br>
Hi folks,
<br>
<br>
I'm going through my maillogs and I see entries like this:
<br>
<br>
maillog-20140811:Aug 5 00:03:46 tedward
postfix/cleanup[23181]: B64A11AE3AB2:
<br>
message-id=<a class="moz-txt-link-rfc2396E" href="mailto:20140805060346.B64A11AE3AB2@tedward.pupman.com">&lt;20140805060346.B64A11AE3AB2@tedward.pupman.com&gt;</a>
<br>
<br>
maillog-20140811:Aug 5 00:03:46 tedward
postfix/qmgr[6868]: B64A11AE3AB2:
<br>
from=&lt;&gt;, size=10913, nrcpt=1 (queue active)
<br>
<br>
maillog-20140811:Aug 5 00:03:46 tedward
postfix/bounce[23183]: 84C3A1AE3AA9:
<br>
sender non-delivery notification: B64A11AE3AB2
<br>
<br>
maillog-20140811:Aug 5 00:03:46 tedward
postfix/smtp[23187]: B64A11AE3AB2:
<br>
to=<a class="moz-txt-link-rfc2396E" href="mailto:BureauScores@natric.eu">&lt;BureauScores@natric.eu&gt;</a>,
relay=hgsp68.natric.eu[162.253.152.22]:25,
<br>
delay=0.24, delays=0/0.01/0.23/0, dsn=4.4.2,
status=deferred (lost connection
<br>
with hgsp68.natric.eu[162.253.152.22] while receiving the
initial server
<br>
greeting)
<br>
<br>
maillog-20140811:Aug 5 00:12:38 tedward
postfix/qmgr[6868]: B64A11AE3AB2:
<br>
from=&lt;&gt;, size=10913, nrcpt=1 (queue active)
<br>
<br>
maillog-20140811:Aug 5 00:12:38 tedward
postfix/smtp[1505]: B64A11AE3AB2:
<br>
to=<a class="moz-txt-link-rfc2396E" href="mailto:BureauScores@natric.eu">&lt;BureauScores@natric.eu&gt;</a>,
relay=hgsp68.natric.eu[162.253.152.22]:25,
<br>
delay=532, delays=532/0.01/0.19/0, dsn=4.4.2,
status=deferred (lost connection
<br>
with hgsp68.natric.eu[162.253.152.22] while receiving the
initial server
<br>
greeting)
<br>
<br>
(Gaps added for clarity due to wrapping)
<br>
<br>
To me it looks like my server got some email from
"&lt;&gt;" and then tried to deliver
<br>
to <a class="moz-txt-link-abbreviated" href="mailto:BureauScores@natric.edu">BureauScores@natric.edu</a>.
<br>
<br>
Is my interpretation correct, and if so, any suggestions
on how to combat the
<br>
problem?
<br>
<br>
Here's postconf -n's output if that helps.
<br>
<br>
Thanks in advance.
<br>
<br>
Chip
<br>
<br>
<br>
alias_database = hash:/etc/aliases
<br>
alias_maps = hash:/etc/aliases,
hash:/usr/local/mailman/data/aliases
<br>
command_directory = /usr/sbin
<br>
config_directory = /etc/postfix
<br>
daemon_directory = /usr/libexec/postfix
<br>
data_directory = /var/lib/postfix
<br>
debug_peer_level = 2
<br>
debug_peer_list = 167.88.120.115
<br>
html_directory = no
<br>
in_flow_delay = 1s
<br>
inet_interfaces = all
<br>
inet_protocols = ipv4
<br>
local_recipient_maps =
<br>
mail_owner = postfix
<br>
mail_spool_directory = /var/spool/mail
<br>
mailq_path = /usr/bin/mailq.postfix
<br>
manpage_directory = /usr/share/man
<br>
masquerade_domains = pupman.com
<br>
message_size_limit = 20480000
<br>
mydestination = $myhostname, localhost.$mydomain,
localhost, $mydomain,
<br>
mail.$mydomain, <a class="moz-txt-link-abbreviated" href="http://www.$mydomain">www.$mydomain</a>, chip1.$mydomain,
tedward.pupman.com,
<br>
<a class="moz-txt-link-abbreviated" href="http://www.pupman.com">www.pupman.com</a>
<br>
mydomain = pupman.com
<br>
myhostname = tedward.pupman.com
<br>
mynetworks = 127.0.0.0/8, 167.88.120.115 [::1]/128
<br>
myorigin = $mydomain
<br>
newaliases_path = /usr/bin/newaliases.postfix
<br>
owner_request_special = no
<br>
proxy_interfaces = 167.88.120.115
<br>
queue_directory = /var/spool/postfix
<br>
readme_directory =
/usr/share/doc/postfix-2.6.6/README_FILES
<br>
recipient_delimiter = +
<br>
relay_domains = $mydestination, pupman.com,
<br>
sample_directory = /usr/share/doc/postfix-2.6.6/samples
<br>
sendmail_path = /usr/sbin/sendmail.postfix
<br>
setgid_group = postdrop
<br>
smtpd_client_restrictions = permit_mynetworks
<br>
smtpd_data_restrictions = permit_mynetworks,
reject_unauth_pipelining,
<br>
reject_unauth_destination
<br>
smtpd_helo_required = yes
<br>
smtpd_helo_restrictions = permit_mynetworks,
reject_non_fqdn_hostname,
<br>
reject_invalid_hostname, permit
<br>
smtpd_recipient_restrictions = permit_mynetworks,
<br>
permit_sasl_authenticated,
reject_non_fqdn_sender,
<br>
reject_non_fqdn_recipient,
reject_non_fqdn_hostname,
<br>
reject_invalid_hostname,
reject_unauth_pipelining,
<br>
reject_unauth_destination, check_client_access
<br>
hash:/etc/postfix/rbl_override,
reject_unknown_sender_domain,
<br>
reject_unknown_recipient_domain,
reject_rbl_client
<br>
zen.spamhaus.org, reject_rbl_client
dnsbl.njabl.net, reject_rbl_client
<br>
bl.spamcop.net, reject_rbl_client
cbl.abuseat.org,
<br>
reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender
<br>
dbl.spamhaus.org, permit
<br>
smtpd_sender_restrictions = permit_mynetworks,
reject_unknown_sender_domain,
<br>
reject_unknown_address
<br>
unknown_local_recipient_reject_code = 550
<br>
<br>
_______________________________________________
<br>
Web Page: <a class="moz-txt-link-freetext" href="http://lug.boulder.co.us">http://lug.boulder.co.us</a>
<br>
Mailing List:
<a class="moz-txt-link-freetext" href="http://lists.lug.boulder.co.us/mailman/listinfo/lug">http://lists.lug.boulder.co.us/mailman/listinfo/lug</a>
<br>
Join us on IRC: irc.hackingsociety.org port=6667
channel=#hackingsociety
<br>
<br>
<br>
--
<br>
George Sexton
<br>
MH Software, Inc.
<br>
Voice: 303 438 9585
<br>
<a class="moz-txt-link-freetext" href="http://www.mhsoftware.com">http://www.mhsoftware.com</a>
<br>
<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
<div class="moz-signature">-- <br>
George Sexton<br>
<b>MH Software, Inc.</b><br>
Voice: 303 438 9585<br>
<a class="moz-txt-link-freetext" href="http://www.mhsoftware.com">http://www.mhsoftware.com</a></div>
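<br>
<br>
Added example, not part of the original messages: a Python script that correlates the three kinds of log entries quoted in the thread (qmgr with a null sender, bounce "sender non-delivery notification", and smtp delivery) to list bounces this server generated and then tried to hand to a remote host, which is how backscatter shows up in the maillog. The function name outbound_bounces and the sample log are constructed for illustration; it assumes the Postfix log layout shown in the thread.<br>
<br>

```python
import re
from collections import defaultdict

# Constructed sample: the first four lines are the thread's wrapped log
# entries rejoined (status text shortened); the last two are an invented
# ordinary delivery for contrast.
SAMPLE_LOG = """\
Aug  5 00:03:46 tedward postfix/qmgr[6868]: B64A11AE3AB2: from=<>, size=10913, nrcpt=1 (queue active)
Aug  5 00:03:46 tedward postfix/bounce[23183]: 84C3A1AE3AA9: sender non-delivery notification: B64A11AE3AB2
Aug  5 00:03:46 tedward postfix/smtp[23187]: B64A11AE3AB2: to=<BureauScores@natric.eu>, relay=hgsp68.natric.eu[162.253.152.22]:25, delay=0.24, dsn=4.4.2, status=deferred (lost connection)
Aug  5 00:12:38 tedward postfix/smtp[1505]: B64A11AE3AB2: to=<BureauScores@natric.eu>, relay=hgsp68.natric.eu[162.253.152.22]:25, delay=532, dsn=4.4.2, status=deferred (lost connection)
Aug  5 00:20:01 tedward postfix/qmgr[6868]: C0FFEE000001: from=<someone@example.com>, size=2048, nrcpt=1 (queue active)
Aug  5 00:20:02 tedward postfix/smtp[1510]: C0FFEE000001: to=<user@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=0.5, dsn=2.0.0, status=sent (250 ok)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")
NDN = re.compile(r"sender non-delivery notification: ([0-9A-F]+)")
SMTP = re.compile(r"to=<([^>]*)>, relay=([^,]+),.*\bstatus=(\w+)")

def outbound_bounces(log_text):
    """Return one record per locally generated bounce that left via smtp."""
    null_sender = set()            # queue IDs that qmgr logged with from=<>
    bounce_for = {}                # notification queue ID -> original queue ID
    attempts = defaultdict(list)   # queue ID -> [(recipient, relay, status)]
    for line in log_text.splitlines():
        m = LINE.search(line)      # search() tolerates a "maillog-...:" grep prefix
        if not m:
            continue
        service, qid, rest = m.groups()
        if service == "qmgr" and rest.startswith("from=<>"):
            null_sender.add(qid)
        elif service == "bounce" and (n := NDN.search(rest)):
            bounce_for[n.group(1)] = qid
        elif service == "smtp" and (s := SMTP.search(rest)):
            attempts[qid].append(s.groups())
    report = []
    for qid, original in bounce_for.items():
        if qid in null_sender and attempts[qid]:
            rcpt, relay, status = attempts[qid][-1]
            report.append({"bounce": qid, "original": original,
                           "recipient": rcpt, "relay": relay,
                           "attempts": len(attempts[qid]),
                           "last_status": status})
    return report

if __name__ == "__main__":
    for row in outbound_bounces(SAMPLE_LOG):
        print(row)
```
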
</body>
</html>