<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    You might want to this tool here:<br>
    <br>
    <a class="moz-txt-link-freetext" href="http://mxtoolbox.com/SuperTool.aspx">http://mxtoolbox.com/SuperTool.aspx</a><br>
    <br>
    to check your ip. Click on the button to change the check type to
    blacklist.<br>
    <br>
    <div class="moz-cite-prefix">On 9/3/2014 8:40 AM, Chip Atkinson
      wrote:<br>
    </div>
    <blockquote
      cite="mid:alpine.LRH.2.11.1409030837020.2752@tedward.pupman.com"
      type="cite">Thanks for that information.  It looks like a good set
      of restrictions to put in place.  When scrutinizing my config
      files further I did discover that the server was misconfigured and
      the source of the problem was "backscatter", where a spammer will
      connect saying they are from hotmail or whatever, and my server
      would dutifully contact hotmail saying no such user.  That problem
      is fixed.  I'll put these in place to further tighten things up.
      <br>
      <br>
      Chip
      <br>
      <br>
      <br>
       On Wed, 3 Sep 2014, George Sexton wrote:
      <br>
      <br>
      <blockquote type="cite">A reasonable smtpd_sender_restrictions
        would be:
        <br>
        <br>
smtpd_sender_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_non_fqdn_sender
        <br>
        ,reject_unknown_sender_domain,reject_rbl_client
        zen.spamhaus.org,permit
        <br>
        <br>
        <br>
        <br>
        On 9/1/2014 12:59 PM, Chip Atkinson wrote:
        <br>
              Hi folks,
        <br>
        <br>
              I'm going through my maillogs and I see entries like this:
        <br>
        <br>
              maillog-20140811:Aug  5 00:03:46 tedward
        postfix/cleanup[23181]: B64A11AE3AB2:
        <br>
             
        message-id=<a class="moz-txt-link-rfc2396E" href="mailto:20140805060346.B64A11AE3AB2@tedward.pupman.com"><20140805060346.B64A11AE3AB2@tedward.pupman.com></a>
        <br>
        <br>
              maillog-20140811:Aug  5 00:03:46 tedward
        postfix/qmgr[6868]: B64A11AE3AB2:
        <br>
              from=<>, size=10913, nrcpt=1 (queue active)
        <br>
        <br>
              maillog-20140811:Aug  5 00:03:46 tedward
        postfix/bounce[23183]: 84C3A1AE3AA9:
        <br>
              sender non-delivery notification: B64A11AE3AB2
        <br>
        <br>
              maillog-20140811:Aug  5 00:03:46 tedward
        postfix/smtp[23187]: B64A11AE3AB2:
        <br>
              to=<a class="moz-txt-link-rfc2396E" href="mailto:BureauScores@natric.eu"><BureauScores@natric.eu></a>,
        relay=hgsp68.natric.eu[162.253.152.22]:25,
        <br>
              delay=0.24, delays=0/0.01/0.23/0, dsn=4.4.2,
        status=deferred (lost connection
        <br>
              with hgsp68.natric.eu[162.253.152.22] while receiving the
        initial server
        <br>
              greeting)
        <br>
        <br>
              maillog-20140811:Aug  5 00:12:38 tedward
        postfix/qmgr[6868]: B64A11AE3AB2:
        <br>
              from=<>, size=10913, nrcpt=1 (queue active)
        <br>
        <br>
              maillog-20140811:Aug  5 00:12:38 tedward
        postfix/smtp[1505]: B64A11AE3AB2:
        <br>
              to=<a class="moz-txt-link-rfc2396E" href="mailto:BureauScores@natric.eu"><BureauScores@natric.eu></a>,
        relay=hgsp68.natric.eu[162.253.152.22]:25,
        <br>
              delay=532, delays=532/0.01/0.19/0, dsn=4.4.2,
        status=deferred (lost connection
        <br>
              with hgsp68.natric.eu[162.253.152.22] while receiving the
        initial server
        <br>
              greeting)
        <br>
        <br>
              (Gaps added for clarity due to wrapping)
        <br>
        <br>
              To me it looks like my server got some email from
        "<>" and then tried to deliver
        <br>
              to <a class="moz-txt-link-abbreviated" href="mailto:BureauScores@natric.edu">BureauScores@natric.edu</a>.
        <br>
        <br>
              Is my interpretation correct, and if so, any suggestions
        on how to combat the
        <br>
              problem?
        <br>
        <br>
              Here's postconf -n's output if that helps.
        <br>
        <br>
              Thanks in advance.
        <br>
        <br>
              Chip
        <br>
        <br>
        <br>
              alias_database = hash:/etc/aliases
        <br>
              alias_maps = hash:/etc/aliases,
        hash:/usr/local/mailman/data/aliases
        <br>
              command_directory = /usr/sbin
        <br>
              config_directory = /etc/postfix
        <br>
              daemon_directory = /usr/libexec/postfix
        <br>
              data_directory = /var/lib/postfix
        <br>
              debug_peer_level = 2
        <br>
              debug_peer_list = 167.88.120.115
        <br>
              html_directory = no
        <br>
              in_flow_delay = 1s
        <br>
              inet_interfaces = all
        <br>
              inet_protocols = ipv4
        <br>
              local_recipient_maps =
        <br>
              mail_owner = postfix
        <br>
              mail_spool_directory = /var/spool/mail
        <br>
              mailq_path = /usr/bin/mailq.postfix
        <br>
              manpage_directory = /usr/share/man
        <br>
              masquerade_domains = pupman.com
        <br>
              message_size_limit = 20480000
        <br>
              mydestination = $myhostname, localhost.$mydomain,
        localhost, $mydomain,
        <br>
              mail.$mydomain, <a class="moz-txt-link-abbreviated" href="http://www.$mydomain">www.$mydomain</a>, chip1.$mydomain, 
        tedward.pupman.com,
        <br>
              <a class="moz-txt-link-abbreviated" href="http://www.pupman.com">www.pupman.com</a>
        <br>
              mydomain = pupman.com
        <br>
              myhostname = tedward.pupman.com
        <br>
              mynetworks = 127.0.0.0/8, 167.88.120.115 [::1]/128
        <br>
              myorigin = $mydomain
        <br>
              newaliases_path = /usr/bin/newaliases.postfix
        <br>
              owner_request_special = no
        <br>
              proxy_interfaces = 167.88.120.115
        <br>
              queue_directory = /var/spool/postfix
        <br>
              readme_directory =
        /usr/share/doc/postfix-2.6.6/README_FILES
        <br>
              recipient_delimiter = +
        <br>
              relay_domains = $mydestination, pupman.com,
        <br>
              sample_directory = /usr/share/doc/postfix-2.6.6/samples
        <br>
              sendmail_path = /usr/sbin/sendmail.postfix
        <br>
              setgid_group = postdrop
        <br>
              smtpd_client_restrictions = permit_mynetworks
        <br>
              smtpd_data_restrictions = permit_mynetworks,
        reject_unauth_pipelining,
        <br>
              reject_unauth_destination
        <br>
              smtpd_helo_required = yes
        <br>
              smtpd_helo_restrictions = permit_mynetworks,   
        reject_non_fqdn_hostname,
        <br>
              reject_invalid_hostname,    permit
        <br>
              smtpd_recipient_restrictions = permit_mynetworks,
        <br>
              permit_sasl_authenticated,          
        reject_non_fqdn_sender,
        <br>
              reject_non_fqdn_recipient,          
        reject_non_fqdn_hostname,
        <br>
              reject_invalid_hostname,          
        reject_unauth_pipelining,
        <br>
              reject_unauth_destination,       check_client_access
        <br>
              hash:/etc/postfix/rbl_override,          
        reject_unknown_sender_domain,
        <br>
              reject_unknown_recipient_domain,          
        reject_rbl_client
        <br>
              zen.spamhaus.org,           reject_rbl_client
        dnsbl.njabl.net, reject_rbl_client
        <br>
              bl.spamcop.net,           reject_rbl_client
        cbl.abuseat.org,          
        <br>
              reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender
        <br>
              dbl.spamhaus.org,           permit
        <br>
              smtpd_sender_restrictions = permit_mynetworks,
        reject_unknown_sender_domain,
        <br>
              reject_unknown_address
        <br>
              unknown_local_recipient_reject_code = 550
        <br>
        <br>
              _______________________________________________
        <br>
              Web Page:  <a class="moz-txt-link-freetext" href="http://lug.boulder.co.us">http://lug.boulder.co.us</a>
        <br>
              Mailing List:
        <a class="moz-txt-link-freetext" href="http://lists.lug.boulder.co.us/mailman/listinfo/lug">http://lists.lug.boulder.co.us/mailman/listinfo/lug</a>
        <br>
              Join us on IRC: irc.hackingsociety.org port=6667
        channel=#hackingsociety
        <br>
        <br>
        <br>
        --
        <br>
        George Sexton
        <br>
        MH Software, Inc.
        <br>
        Voice: 303 438 9585
        <br>
        <a class="moz-txt-link-freetext" href="http://www.mhsoftware.com">http://www.mhsoftware.com</a>
        <br>
        <br>
        <br>
      </blockquote>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Web Page:  <a class="moz-txt-link-freetext" href="http://lug.boulder.co.us">http://lug.boulder.co.us</a>
Mailing List: <a class="moz-txt-link-freetext" href="http://lists.lug.boulder.co.us/mailman/listinfo/lug">http://lists.lug.boulder.co.us/mailman/listinfo/lug</a>
Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety</pre>
    </blockquote>
    <br>
    <div class="moz-signature">-- <br>
      George Sexton<br>
      <b>MH Software, Inc.</b><br>
      Voice: 303 438 9585<br>
      <a class="moz-txt-link-freetext" href="http://www.mhsoftware.com">http://www.mhsoftware.com</a></div>
  </body>
</html>