I’ve checked this server against the Relay Test servers about the place and it seems to be fine. No Relay allowed. I used a number of test servers around the internet.
However, I came in this morning and found a list of attempted spam that has somehow been added to the queue. Undelivered, but rejected by the remote service, not my server. I can’t figure out what the configuration is that will stop this sort of spam attempt.

    $ telnet mail.myserver.com 25

And what is happening looks like this:

    zeus:log robert$ telnet 192.168.0.15 25
    Trying 192.168.0.15...
    Connected to zeus.
    Escape character is '^]'.
    220 zeus.localhost ESMTP Postfix
    helo inmailwetrust.com
    250 zeus.localhost
    mail from: _www@zeus.localhost
    250 2.1.0 Ok
    rcpt to: moff_yespas_1...@inmailwetrust.com
    250 2.1.5 Ok

Now, that last response should be

    554 : Relay access denied

How do I stop people using my server like this? Can anyone suggest a solution please.

The qmgr message looks like this:

    May 23 07:20:21 zeus.localhost postfix/qmgr[166]: 0AC18AE7532: from=<_www@zeus.localhost>, size=1600, nrcpt=1 (queue active)

and one of the attempted messages looks like this:

    May 23 00:10:24 zeus.localhost postfix/smtp[10813]: ACF7FAE8961: to=<moff_yespas_1...@inmailwetrust.com>, relay=inmailwetrust.com[208.88.226.239]:25, delay=79990, delays=79987/1.8/0.99/0.13, dsn=4.0.0, status=deferred (host inmailwetrust.com[208.88.226.239] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))

Now, I can’t understand how that is even being sent if the system is not relaying anyway? And what I’d really like to be able to do is block anyone from doing that in the first place? Regardless of it failing - I don’t want them to be able to do it anyway?

This is my postconf -n output, if it helps:

    zeus:log robert$ postconf -n
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    biff = no
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
    default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} - see http://$rbl_domain.
    dovecot_destination_recipient_limit = 1
    home_mailbox = Mail/Dovecot/
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    inet_protocols = all
    mail_owner = _postfix
    mailbox_command = /usr/bin/procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    message_size_limit = 0
    meta_directory = /etc/postfix
    mydestination = localhost mail.$mydomain, www.$mydomain
    mynetworks_style = host
    newaliases_path = /usr/bin/newaliases
    postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
    postscreen_bare_newline_action = ignore
    postscreen_bare_newline_enable = no
    postscreen_bare_newline_ttl = 30d
    postscreen_blacklist_action = ignore
    postscreen_cache_cleanup_interval = 12h
    postscreen_cache_map = btree:$data_directory/postscreen_cache
    postscreen_cache_retention_time = 7d
    postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
    postscreen_command_count_limit = 20
    postscreen_command_filter =
    postscreen_command_time_limit = ${stress?10}${stress:300}s
    postscreen_disable_vrfy_command = $disable_vrfy_command
    postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
    postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
    postscreen_dnsbl_action = enforce
    postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
    postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net*3 b.barracudacentral.org*2 bl.spameatingmonkey.net bl.spamcop.net spamtrap.trblspam.com dnsbl.sorbs.net=127.0.0.[2;3;6;7;10] ix.dnsbl.manitu.net bl.blocklist.de list.dnswl.org=127.0.[0..255].0*-1 list.dnswl.org=127.0.[0..255].1*-2 list.dnswl.org=127.0.[0..255].[2..3]*-3 iadb.isipp.com=127.0.[0..255].[0..255]*-2 iadb.isipp.com=127.3.100.[6..200]*-2 wl.mailspike.net=127.0.0.[17;18]*-1 wl.mailspike.net=127.0.0.[19;20]*-2
    postscreen_dnsbl_threshold = 3
    postscreen_dnsbl_ttl = 1h
    postscreen_enforce_tls = $smtpd_enforce_tls
    postscreen_expansion_filter = $smtpd_expansion_filter
    postscreen_forbidden_commands = $smtpd_forbidden_commands
    postscreen_greet_action = ignore
    postscreen_greet_banner = $smtpd_banner
    postscreen_greet_ttl = 1d
    postscreen_greet_wait = ${stress?2}${stress:6}s
    postscreen_helo_required = $smtpd_helo_required
    postscreen_non_smtp_command_action = drop
    postscreen_non_smtp_command_enable = no
    postscreen_non_smtp_command_ttl = 30d
    postscreen_pipelining_action = enforce
    postscreen_pipelining_enable = no
    postscreen_pipelining_ttl = 30d
    postscreen_post_queue_limit = $default_process_limit
    postscreen_pre_queue_limit = $default_process_limit
    postscreen_reject_footer = $smtpd_reject_footer
    postscreen_tls_security_level = $smtpd_tls_security_level
    postscreen_use_tls = $smtpd_use_tls
    postscreen_watchdog_timeout = 10s
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = _postdrop
    shlib_directory = /usr/lib/postfix
    smtp_sasl_auth_enable = no
    smtp_sasl_mechanism_filter = plain
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_use_tls = yes
    smtpd_client_restrictions = check_client_access hash:/etc/postfix/access,reject_rbl_client bl.spamcop.net,reject_rbl_client sbl-xbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client dnsbl.njabl.org,reject_rbl_client zen.spamhaus.org
    smtpd_helo_required = yes
    smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/access, check_client_access hash:/etc/postfix/access, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:/etc/postfix/access, check_relay_domains
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_path = private/auth
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot
    smtpd_tls_CAfile = /private/etc/ssl/certs/sub.class1.server.ca.pem
    smtpd_tls_auth_only = yes
    smtpd_tls_cert_file = /private/etc/ssl/certs/chalmers.com.au.crt
    smtpd_tls_ciphers = medium
    smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
    smtpd_tls_key_file = /private/etc/ssl/private/chalmers.com.au.key
    smtpd_tls_security_level = may
    smtpd_use_tls = yes
    soft_bounce = no
    tls_random_source = dev:/dev/urandom
    unknown_local_recipient_reject_code = 550
    virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/mail/vhosts
    virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
    virtual_mailbox_limit = 0
    virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
    virtual_minimum_uid = 100
    virtual_transport = lmtp:unix:private/dovecot-lmtp
    virtual_uid_maps = static:5000
    zeus:log robert$

and if it’s of any help the doveconf -n output…

    zeus:log robert$ sudo doveconf -n
    Password:
    # 2.2.16: /usr/local/etc/dovecot/dovecot.conf
    # OS: Darwin 14.3.0 x86_64 hfs
    auth_debug = yes
    auth_debug_passwords = yes
    auth_mechanisms = plain login
    auth_verbose = yes
    auth_verbose_passwords = plain
    debug_log_path = /var/log/dovecot-debug.log
    default_internal_user = _dovecot
    default_login_user = _dovenull
    info_log_path = /var/log/dovecot-info.log
    log_path = /var/log/dovecot.log
    mail_debug = yes
    mail_location = maildir:/var/mail/vhosts/%d/%n
    mail_max_userip_connections = 30
    mail_privileged_group = mail
    namespace inbox {
      inbox = yes
      location =
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix =
      separator = /
    }
    passdb {
      args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
      driver = sql
    }
    passdb {
      args = %s
      driver = pam
    }
    postmaster_address = postmas...@chalmers.com.au
    service auth-worker {
      user = vmail
    }
    service auth {
      executable = /usr/local/libexec/dovecot/auth
      unix_listener /var/spool/postfix/private/auth {
        group = _postfix
        mode = 0600
        user = _postfix
      }
      user = _dovecot
    }
    service imap-login {
      executable = /usr/local/libexec/dovecot/imap-login
      inet_listener imap {
        address = *
        port = 143
      }
      inet_listener imaps {
        address = *
        port = 993
        ssl = yes
      }
      process_limit = 128
    }
    service imap {
      executable = /usr/local/libexec/dovecot/imap
      process_limit = 128
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = _postfix
        mode = 0660
        user = _postfix
      }
      unix_listener lmtp {
        group = _postfix
        mode = 0600
        user = _postfix
      }
    }
    service pop3-login {
      executable = /usr/local/libexec/dovecot/pop3-login
      inet_listener pop3 {
        address = *
        port = 110
      }
      inet_listener pop3s {
        address = *
        port = 995
        ssl = yes
      }
      process_limit = 128
    }
    service pop3 {
      executable = /usr/local/libexec/dovecot/pop3
      process_limit = 128
    }
    ssl_cert = </etc/ssl/certs/chalmers.com.au.crt
    ssl_key = </etc/ssl/private/chalmers.com.au.key
    ssl_require_crl = no
    userdb {
      args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
      driver = static
    }
    userdb {
      driver = passwd
    }
    verbose_ssl = yes
    protocol lmtp {
      mail_plugins =
    }
    protocol lda {
      mail_plugins = " sieve"
      postmaster_address = postmas...@chalmers.com.au
    }
    zeus:log robert$

thanks
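
Added example, not part of the original post: the question of how a message reached the queue can be answered from the mail log, because Postfix records the entry point of every queue ID (`smtpd ... client=` for mail received over SMTP, `pickup ... uid=` for mail handed in locally through the sendmail command). The sketch below groups log lines by queue ID to show that origin. The function names and every sample line except the qmgr line quoted in the post are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log. Only the qmgr line for 0AC18AE7532 is from the post;
# the pickup, smtp and smtpd lines (uid, hosts, second queue ID) are constructed.
SAMPLE_LOG = """\
May 23 07:20:20 zeus.localhost postfix/pickup[150]: 0AC18AE7532: uid=70 from=<_www>
May 23 07:20:21 zeus.localhost postfix/qmgr[166]: 0AC18AE7532: from=<_www@zeus.localhost>, size=1600, nrcpt=1 (queue active)
May 23 07:20:23 zeus.localhost postfix/smtp[10813]: 0AC18AE7532: to=<someone@example.net>, relay=example.net[203.0.113.5]:25, delay=3, dsn=4.0.0, status=deferred (451 try later)
May 23 08:01:02 zeus.localhost postfix/smtpd[201]: 1BD29BF8643: client=client.example.org[198.51.100.7]
May 23 08:01:03 zeus.localhost postfix/qmgr[166]: 1BD29BF8643: from=<user@example.org>, size=900, nrcpt=1 (queue active)
"""

# Matches "postfix/<service>[pid]: <short hex queue ID>: <rest>"
LINE = re.compile(r"postfix/(?P<svc>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")

def trace_origins(log_text):
    """Group Postfix log lines by queue ID and record how each message entered."""
    msgs = defaultdict(lambda: {"origin": "unknown", "detail": None, "sender": None, "rcpts": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        svc, rest, msg = m["svc"], m["rest"], msgs[m["qid"]]
        if svc == "pickup" and (u := re.search(r"uid=(\d+)", rest)):
            msg["origin"], msg["detail"] = "local-submission", int(u[1])  # sendmail command
        elif svc == "smtpd" and (c := re.search(r"client=(\S+)", rest)):
            msg["origin"], msg["detail"] = "smtp", c[1]                   # network client
        elif svc == "qmgr" and (f := re.search(r"from=<([^>]*)>", rest)):
            msg["sender"] = f[1]
        elif svc in ("smtp", "lmtp", "local", "virtual") and (t := re.search(r"to=<([^>]*)>", rest)):
            msg["rcpts"].append(t[1])
    return dict(msgs)

def local_outbound(log_text, local_domains=("zeus.localhost", "localhost")):
    """Queue IDs submitted locally (pickup) that have a non-local recipient."""
    return sorted(
        qid for qid, m in trace_origins(log_text).items()
        if m["origin"] == "local-submission"
        and any(r.rsplit("@", 1)[-1] not in local_domains for r in m["rcpts"])
    )

if __name__ == "__main__":
    for qid, m in trace_origins(SAMPLE_LOG).items():
        print(qid, m["origin"], m["detail"], m["sender"], m["rcpts"])
    print("locally submitted, sent off-host:", local_outbound(SAMPLE_LOG))
```

A queue ID whose first log line comes from `pickup` never passed through `smtpd`, so the `smtpd_*_restrictions` settings were not evaluated for it; the `uid=` value identifies the local account that submitted it.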