On Mon, Jan 11, 2010 at 06:15:21PM -0300, Damian Rivas wrote:
> >> mynetworks = 127.0.0.0/8, 200.55.14.248/29, 190.210.52.88/29
> >
> >These are the hosts allowed to relay. Don't mung the IP addresses.

snip

> All mailing incomes seem to come from ns1.cht.com.ar, which is a
> gateway for the internal mail server, this is by the way, where

ns1.cht.com.ar. 3600 IN A 200.55.14.250

Indeed, this host is in your $mynetworks. Exclude it using the "!"
syntax, see example at postconf.5.html#mynetworks .

> they are normally sent. There were no smtpd outputs before because
> the Spam was cycling and there was no room for any new mail. (I
> deleted all the spammer mails, of course they keep coming).

Stop this at once! The ongoing abuse has probably gotten you
blacklisted. The sooner you stop it, the better your chances of
repairing the damage.

> But now, at this precise moment, I'm watching a lot of junk being
> generated on the server so, there is the source of the problem, I
> have a worm on my internal web server, no postfix issue.

Another possibility, as you mentioned that this is the gateway for
Postfix, is that it has a misconfigured firewall that is doing both
source and destination NAT of port 25 to your Postfix. I just tested
this, and was unable to connect to 200.55.14.250:25, so if that was
the case, it is probably fixed now.

-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
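
The "!" exclusion recommended in the reply above, modelled as an added example that is not part of the original mail and is not Postfix code. It assumes the documented left-to-right, first-match evaluation of mynetworks and handles only literal addresses and CIDR blocks (no file or table lookups); the function names and the TOO_LATE ordering are constructed for illustration.

```python
import ipaddress

def parse_mynetworks(value):
    """Split a mynetworks value into ordered (negated, network) pairs."""
    rules = []
    for token in value.replace(",", " ").split():
        negated = token.startswith("!")
        # A bare address becomes a single-host network (/32 or /128).
        net = ipaddress.ip_network(token.lstrip("!"), strict=False)
        rules.append((negated, net))
    return rules

def may_relay(client_ip, value):
    """True if client_ip is trusted. The first matching pattern decides."""
    addr = ipaddress.ip_address(client_ip)
    for negated, net in parse_mynetworks(value):
        if addr.version == net.version and addr in net:
            return not negated
    return False  # no pattern matched: not in mynetworks

# Value quoted in the thread: the gateway 200.55.14.250 is inside the /29.
ORIGINAL = "127.0.0.0/8, 200.55.14.248/29, 190.210.52.88/29"
# Exclusion placed before the block that contains the gateway.
EXCLUDED = "127.0.0.0/8, !200.55.14.250, 200.55.14.248/29, 190.210.52.88/29"
# Constructed mistake: the /29 matches first, so the exclusion never applies.
TOO_LATE = "127.0.0.0/8, 200.55.14.248/29, !200.55.14.250, 190.210.52.88/29"

def report(client_ip):
    """Relay decision for one client under each of the three settings."""
    return {
        "original": may_relay(client_ip, ORIGINAL),
        "excluded": may_relay(client_ip, EXCLUDED),
        "too_late": may_relay(client_ip, TOO_LATE),
    }

if __name__ == "__main__":
    # Gateway from the thread, a neighbour in the same /29, and a
    # constructed outside address from the documentation range.
    for ip in ("200.55.14.250", "200.55.14.249", "192.0.2.1"):
        print(ip, report(ip))
```

Only the EXCLUDED ordering stops the gateway from being treated as a trusted relay client while the rest of the /29 keeps its access.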