Noel Jones:
> > Earlier today I noticed a spammer using my Postfix server as a relay
> > to send out spam. This was puzzling because I had all requisite anti
> > relay host settings applied. Further, it was particularly alarming
> > that Postfix seemed to be receiving the spam messages from localhost
> > as indicated: 
> > 
> > connect from localhost.localdomain[127.0.0.1] 
...
> If postfix logs a connection from 127.0.0.1, the connection *really
> is* from localhost.  Maybe you were looking at a content_filter log
> line?

I agree (and I wrote this code). The Postfix SMTP server logs

    connect from localhost.localdomain[127.0.0.1]

when the connection is made from a local IP address (for example a
local content filter, or a local application) and you have
localhost.localdomain in /etc/hosts (or in DNS but that's unlikely).

In contrast, the Postfix SMTP server logs

    connect from unknown[x.x.x.x]

for connections that come from a remote IP address that has a PTR
record of localhost.

Also, the Postfix SMTP server is hard-coded to log

    connect from localhost[127.0.0.1]

(no "localdomain" here) when invoked as "sendmail -bs". In that case
there is no IP address and I just make it up.

Only the first of the three forms matches what you report.

        Wietse
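
Added example, not part of the message above and not Postfix code: a small classifier that sorts smtpd "connect from" records into the three forms the reply describes, so the first form (a real local client) can be separated out when tracing where mail entered. The function names, form labels and sample log lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# smtpd connect record: "connect from <name>[<addr>]"; the leading "]: "
# keeps "disconnect from" records from matching.
CONNECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: connect from (?P<name>[^\s\[]+)\[(?P<addr>[^\]]+)\]"
)

# Constructed sample lines (hostname "mail", PIDs and 192.0.2.45 are made up).
SAMPLE_LOG = """\
Mar  3 10:15:01 mail postfix/smtpd[2101]: connect from localhost.localdomain[127.0.0.1]
Mar  3 10:15:07 mail postfix/smtpd[2102]: connect from unknown[192.0.2.45]
Mar  3 10:15:09 mail postfix/smtpd[2103]: connect from localhost[127.0.0.1]
Mar  3 10:15:12 mail postfix/smtpd[2101]: disconnect from localhost.localdomain[127.0.0.1]
""".splitlines()


def classify(line):
    """Return (form, name, addr) for a connect record, or None for other lines."""
    m = CONNECT_RE.search(line)
    if m is None:
        return None
    name, addr = m["name"], m["addr"]
    try:
        loopback = ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return ("unparsed", name, addr)
    if loopback and name == "localhost":
        # Hard-coded "sendmail -bs" form from the message. Assumption: a loopback
        # client whose name resolves to plain "localhost" would look the same.
        form = "sendmail_bs"
    elif loopback:
        form = "local_client"    # real local connection (content filter, local app)
    elif name == "unknown":
        form = "remote_unknown"  # remote address logged without a client name
    else:
        form = "remote_named"
    return (form, name, addr)


def summarize(lines):
    """Count connect records per form."""
    return Counter(r[0] for r in map(classify, lines) if r is not None)


if __name__ == "__main__":
    for form, count in summarize(SAMPLE_LOG).items():
        print(f"{form}: {count}")
```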
