Noel Jones:
> > Earlier today I noticed a spammer using my Postfix server as a relay
> > to send out spam. This was puzzling because I had all requisite anti
> > relay host settings applied. Further, it was particularly alarming
> > that Postfix seemed to be receiving the spam messages from localhost
> > as indicated:
> >
> > connect from localhost.localdomain[127.0.0.1]
...
> If postfix logs a connection from 127.0.0.1, the connection *really
> is* from localhost. Maybe you were looking at a content_filter log
> line?

I agree (and I wrote this code).

The Postfix SMTP server logs

    connect from localhost.localdomain[127.0.0.1]

when the connection is made from a local IP address (for example a local content filter, or a local application) and you have localhost.localdomain in /etc/hosts (or in DNS but that's unlikely).

In contrast, the Postfix SMTP server logs

    connect from unknown[x.x.x.x]

for connections that come from a remote IP address that has a PTR record of localhost.

Also, the Postfix SMTP server is hard-coded to log

    connect from localhost[127.0.0.1]

(no "localdomain" here) when invoked as "sendmail -bs". In that case there is no IP address and I just make it up.

Only the first of the three forms matches what you report.

Wietse
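
A triage sketch for the three "connect from" forms described in the reply above, added here as an example; it is not part of the original thread and not Postfix code. The label names and the sample log lines are constructed for illustration, and the syslog prefix is an assumed typical layout.

```python
import ipaddress
import re
from collections import Counter

# Matches the smtpd "connect from name[address]" record.
# \b keeps "disconnect from ..." lines from matching.
CONNECT = re.compile(r"\bconnect from (?P<name>[^\s\[]+)\[(?P<addr>[^\]]+)\]")

def classify(line):
    """Return a triage label for one log line, or None if it is not a connect record."""
    m = CONNECT.search(line)
    if m is None:
        return None
    name, addr = m.group("name"), m.group("addr")
    try:
        loopback = ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return "unparsed-address"
    if not loopback:
        # Remote peer: a localhost PTR does not get logged as a localhost name.
        return "remote-unknown-name" if name == "unknown" else "remote"
    if name == "localhost" and addr == "127.0.0.1":
        # The hard-coded "sendmail -bs" form. Assumption: a hosts file that maps
        # 127.0.0.1 to bare "localhost" would produce the same text.
        return "sendmail-bs-or-local"
    # Loopback address with any other name: a local content filter or application.
    return "local-client"

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
Jan 10 09:14:02 mail postfix/smtpd[2101]: connect from localhost.localdomain[127.0.0.1]
Jan 10 09:14:03 mail postfix/smtpd[2101]: disconnect from localhost.localdomain[127.0.0.1]
Jan 10 09:15:40 mail postfix/smtpd[2107]: connect from unknown[203.0.113.7]
Jan 10 09:16:11 mail postfix/smtpd[2110]: connect from localhost[127.0.0.1]
Jan 10 09:17:25 mail postfix/smtpd[2113]: connect from mail.example.org[198.51.100.20]
Jan 10 09:18:00 mail postfix/smtpd[2101]: connect from localhost.localdomain[127.0.0.1]
"""

def summarize(text):
    """Count connect records per label so locally submitted mail stands out."""
    labels = (classify(line) for line in text.splitlines())
    return Counter(label for label in labels if label is not None)

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{count:4d}  {label}")
```

A high "local-client" count next to outbound spam points the investigation at software running on the mail host itself (content filter, web application) rather than at the relay restrictions.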