[lug] Am I spamming? postfix log question
Chip Atkinson
chip at pupman.com
Wed Sep 3 08:40:08 MDT 2014
Thanks for that information. It looks like a good set of restrictions to
put in place. When scrutinizing my config files further I did discover
that the server was misconfigured and the source of the problem was
"backscatter", where a spammer will connect saying they are from hotmail
or whatever, and my server would dutifully contact hotmail saying no such
user. That problem is fixed. I'll put these in place to further tighten
things up.
Chip
On Wed, 3 Sep 2014, George Sexton wrote:
> A reasonable smtpd_sender_restrictions would be:
>
> smtpd_sender_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_rbl_client zen.spamhaus.org,permit
>
>
>
> On 9/1/2014 12:59 PM, Chip Atkinson wrote:
> Hi folks,
>
> I'm going through my maillogs and I see entries like this:
>
> maillog-20140811:Aug 5 00:03:46 tedward postfix/cleanup[23181]: B64A11AE3AB2:
> message-id=<20140805060346.B64A11AE3AB2 at tedward.pupman.com>
>
> maillog-20140811:Aug 5 00:03:46 tedward postfix/qmgr[6868]: B64A11AE3AB2:
> from=<>, size=10913, nrcpt=1 (queue active)
>
> maillog-20140811:Aug 5 00:03:46 tedward postfix/bounce[23183]: 84C3A1AE3AA9:
> sender non-delivery notification: B64A11AE3AB2
>
> maillog-20140811:Aug 5 00:03:46 tedward postfix/smtp[23187]: B64A11AE3AB2:
> to=<BureauScores at natric.eu>, relay=hgsp68.natric.eu[162.253.152.22]:25,
> delay=0.24, delays=0/0.01/0.23/0, dsn=4.4.2, status=deferred (lost connection
> with hgsp68.natric.eu[162.253.152.22] while receiving the initial server
> greeting)
>
> maillog-20140811:Aug 5 00:12:38 tedward postfix/qmgr[6868]: B64A11AE3AB2:
> from=<>, size=10913, nrcpt=1 (queue active)
>
> maillog-20140811:Aug 5 00:12:38 tedward postfix/smtp[1505]: B64A11AE3AB2:
> to=<BureauScores at natric.eu>, relay=hgsp68.natric.eu[162.253.152.22]:25,
> delay=532, delays=532/0.01/0.19/0, dsn=4.4.2, status=deferred (lost connection
> with hgsp68.natric.eu[162.253.152.22] while receiving the initial server
> greeting)
>
> (Gaps added for clarity due to wrapping)
>
> To me it looks like my server got some email from "<>" and then tried to deliver
> to BureauScores at natric.edu.
>
> Is my interpretation correct, and if so, any suggestions on how to combat the
> problem?
>
> Here's postconf -n's output if that helps.
>
> Thanks in advance.
>
> Chip
>
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> debug_peer_list = 167.88.120.115
> html_directory = no
> in_flow_delay = 1s
> inet_interfaces = all
> inet_protocols = ipv4
> local_recipient_maps =
> mail_owner = postfix
> mail_spool_directory = /var/spool/mail
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> masquerade_domains = pupman.com
> message_size_limit = 20480000
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
> mail.$mydomain, www.$mydomain, chip1.$mydomain, tedward.pupman.com,
> www.pupman.com
> mydomain = pupman.com
> myhostname = tedward.pupman.com
> mynetworks = 127.0.0.0/8, 167.88.120.115 [::1]/128
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> owner_request_special = no
> proxy_interfaces = 167.88.120.115
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
> recipient_delimiter = +
> relay_domains = $mydestination, pupman.com,
> sample_directory = /usr/share/doc/postfix-2.6.6/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_client_restrictions = permit_mynetworks
> smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining,
> reject_unauth_destination
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname,
> reject_invalid_hostname, permit
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_non_fqdn_sender,
> reject_non_fqdn_recipient, reject_non_fqdn_hostname,
> reject_invalid_hostname, reject_unauth_pipelining,
> reject_unauth_destination, check_client_access
> hash:/etc/postfix/rbl_override, reject_unknown_sender_domain,
> reject_unknown_recipient_domain, reject_rbl_client
> zen.spamhaus.org, reject_rbl_client dnsbl.njabl.net, reject_rbl_client
> bl.spamcop.net, reject_rbl_client cbl.abuseat.org,
> reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender
> dbl.spamhaus.org, permit
> smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain,
> reject_unknown_address
> unknown_local_recipient_reject_code = 550
>
>
> --
> George Sexton
> MH Software, Inc.
> Voice: 303 438 9585
> http://www.mhsoftware.com
>
>
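
The log pattern discussed in this thread (a queue entry with `from=<>`, a `postfix/bounce` line naming it as a non-delivery notification, and `postfix/smtp` attempts to an outside address) can be searched for mechanically. The Python below is an added example, not part of the original posts; the sample log lines, domains and the function name `find_backscatter` are constructed for illustration, and it assumes Postfix's default short hexadecimal queue IDs.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog format (not copied from the thread).
SAMPLE_LOG = """\
Aug  5 00:03:46 mx postfix/qmgr[6868]: AAAA11111111: from=<>, size=10913, nrcpt=1 (queue active)
Aug  5 00:03:46 mx postfix/bounce[23183]: BBBB22222222: sender non-delivery notification: AAAA11111111
Aug  5 00:03:46 mx postfix/smtp[23187]: AAAA11111111: to=<victim@example.net>, relay=mx.example.net[192.0.2.22]:25, delay=0.24, dsn=4.4.2, status=deferred (lost connection)
Aug  5 00:04:10 mx postfix/qmgr[6868]: CCCC33333333: from=<alice@example.com>, size=2048, nrcpt=1 (queue active)
Aug  5 00:04:11 mx postfix/smtp[23190]: CCCC33333333: to=<bob@example.org>, relay=mx.example.org[192.0.2.30]:25, delay=0.5, dsn=2.0.0, status=sent (250 ok)
Aug  5 00:12:38 mx postfix/smtp[1505]: AAAA11111111: to=<victim@example.net>, relay=mx.example.net[192.0.2.22]:25, delay=532, dsn=4.4.2, status=deferred (lost connection)
"""

# Assumption: short hex queue IDs (the default); long queue IDs need a wider pattern.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")

def find_backscatter(log_text, local_domains):
    """Return {bounce_queue_id: info} for locally generated bounces sent to remote domains."""
    null_sender = set()           # queue IDs whose envelope sender is <>
    parent = {}                   # bounce queue ID -> queue ID of the message that bounced
    attempts = defaultdict(list)  # queue ID -> [(recipient, status), ...]
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "qmgr" and rest.startswith("from=<>"):
            null_sender.add(qid)
        elif daemon == "bounce":
            b = re.search(r"sender non-delivery notification: ([0-9A-F]+)", rest)
            if b:
                parent[b.group(1)] = qid
        elif daemon == "smtp":
            s = re.search(r"to=<([^>]+)>.*status=(\w+)", rest)
            if s:
                attempts[qid].append((s.group(1), s.group(2)))
    report = {}
    for qid in parent.keys() & null_sender:
        remote = [(rcpt, st) for rcpt, st in attempts[qid]
                  if rcpt.rsplit("@", 1)[-1].lower() not in local_domains]
        if remote:
            report[qid] = {"bounce_of": parent[qid], "attempts": remote}
    return report
```

Run against a real maillog with the server's own domains in `local_domains`, a steady stream of entries here means the server is accepting mail it later bounces to addresses taken from the envelope sender.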