2011/11/15 Stan Hoeppner <s...@hardwarefreak.com>: > On 11/15/2011 10:07 AM, Olivier BATARD wrote: > >>> mynetworks = !192.168.150.254 192.168.150.0/24 >>> >>> The "!" excludes the address. >> >> Thanks that solve my problem > > You're welcome. Due to the NAT source address rewrite problem, the > previous mynetworks configuration made Postfix a wide open relay. I'm > curious, how long was this machine in production before the spammers > found the relay hole and started abusing it? Days? Months?
The server was fine for 5 days, after was spam festival :) > >>> If you do not actually have a working IPv6 network, remove the IPv6 junk >>> from mynetworks. If you don't have webmail running on the Postfix box, >>> nor programs that need to inject mail into Postfix, remove the loopback >>> address from mynetworks as well. >> >> Thanks for the advice. > > Sure thing. With Postfix it's always best to configure *only* what you > need. Having unnecessary stuff in main.cf can cause problems and/or > make troubleshooting more difficult. I'll be more careful next time :) > >>> P.S. I'm shocked you still have a NAT/PAT router in 2011 that rewrites >>> source addresses. Treat that thing like hot plutonium--replace it ASAP. >>> >> Yeah I was quite shocked too, so we'll replace soon as soon as the >> client sign the bill :) > > Heheh. Unfortunately I know that type of client. ;) However, even this > $20 USD router does source addressing correctly, as do just about all > cheap consumer routers do: > > http://www.newegg.com/Product/Product.aspx?Item=N82E16833704016 Thanks for the link, I'll try to negotiate $20 with that client (not the easiest part ;) ) > >> Anyway thanks a lot. > > Glad I could help. Postfix and spam fighting are two of my specialties. I see that, dealing with expert is always useful and a pleasure :) Olivier > > -- > Stan > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/4ec2b48a.5060...@hardwarefreak.com > > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CALvL=TM7bD+n0eCpL6k4VuV7H9JUyS4QP1n5KVrL=dm6nyw...@mail.gmail.com
