Hello Matus, and thank you.
1. Yes, I can provide quite a few as a buddy's answer to quieting my system
down so we can look at what happened was to rename /var/lib/courier/msgq /
msgs and tmp adding the .foo extension...
gubbie /var/lib/courier/msgq.foo # ls
137108 137143 137178 137213 137248 137283 137321 137389 137424
137459 137494 137529 137564 137599 137634 137670
137109 137144 137179
<snip> OK, maybe this is better ;-)
gubbie /var/lib/courier/msgq.foo # ls -l | wc -l
552
and thus:
gubbie /var/lib/courier/msgq.foo/137108 # ls -l | wc -l
4825
So roughly 550 times 4,500 messages each?
gubbie /var/lib/courier/msgq.foo/137108 # cat C1487564.1371088460
sgr...@nickellson.com
fdns; habmpq ([181.66.48.149])
e
t
M000000000016B2CC.51B92649.00001CA1
rewheele...@yahoo.com
R
N
rkannankanna...@yahoo.com
R
N
rrussellbow...@yahoo.com
R
N
igr...@nickellson.com
uauthsmtp
E1371693256
p1371117256
W1371102856
A1371088460
And what's in msgs.foo/0 well, still waiting for the "ls-l | wc -l" to
come back...
I am not sure that is wht you need, it isn't a full SMTP header that I am
familiar with, more like the ehlo conversation? So I suspect you need a
sample from the msgs.foo bucket.. (Alas that is still taking a while, but I
will get one to this list)
For now. I will remove all the relay IP's from smtpaccess. Both the
127.0.0.1 (in the event I may have some process I am unaware of or a port
forward attached) and the 10 net, in the event a local host in compromised.
Now from my logs, when I open my firewall back up I see most SMTP
connections from the outside.
Then how do I best approach the mail submission path. If I have the esmtpd
process on port 25 for my inbound, which one is recommended for the
submission process on a port of my choosing? (since I am the only client,
with a handful of Gentoo servers and a few iPhones as mail clients that I
control, it could be anything)
Nick
(BTW, that LS still is not done... <cringe>)
On Tue, Aug 20, 2013 at 1:41 AM, Matus UHLAR - fantomas
<uh...@fantomas.sk>wrote:
> On 19.08.13 21:09, Nick Ellson wrote:
> >I seem to have found my final mail issues when I saw my mail queue had
> over
> >900 megs of mail backed up that looks like I was an open relay.
>
> can you provide headers of any such message?
>
> >The local network is easy, that is what the smtpaccess/default file is
> for.
> >10.0.0 allow,RELAYCLIENT
>
> this might cause troubles if any of your hosts on the 10.0.0.0/8 network
> gets compromised, or configures port forwarding to your port 25.
>
> >But if I want to insure that no one else can send mail through me, except
> >for my authenticated iPhone client, what setting am I looking for? It
> >almost seemed that I just leave the esmtpd on port 25 as is, with no
> >relaying, and start the smtpd-ssl daemon as auth required and get my
> iPhone
> >to use that? or can I stay with the one esmtpd?
>
> I recommend only allowing authenticated clients to do the relaying.
> I further recommend configuring port different than 25 to use for mail
> submission. 587 was reserved for this use and microsoft clients were using
> port 465 with implicit SSL.
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> I feel like I'm diagonally parked in a parallel universe.
>
>
> ------------------------------------------------------------------------------
> Introducing Performance Central, a new site from SourceForge and
> AppDynamics. Performance Central is your source for news, insights,
> analysis and resources for efficient Application Performance Management.
> Visit us today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
> _______________________________________________
> courier-users mailing list
> courier-users@lists.sourceforge.net
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
>
------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
