I’ve checked this server against a number of the open-relay test servers around 
the internet and it seems to be fine: no relaying is allowed.

However, I came in this morning and found a list of attempted spam messages that 
have somehow been added to the queue. They were undelivered, but they were 
rejected by the remote service, not by my server.

I can’t figure out which configuration setting will stop this sort of spam 
attempt.

$ telnet mail.myserver.com 25

And what is happening looks like this

zeus:log robert$ telnet 192.168.0.15 25
Trying 192.168.0.15...
Connected to zeus.
Escape character is '^]'.
220 zeus.localhost ESMTP Postfix
helo inmailwetrust.com
250 zeus.localhost
mail from: _www@zeus.localhost
250 2.1.0 Ok
rcpt to: moff_yespas_1...@inmailwetrust.com
250 2.1.5 Ok


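Now, that last response should be 
554 : Relay access denied
How do I stop people using my server like this?

[Note: the session above was run from zeus itself (see the "zeus:log robert$" 
prompt and "Connected to zeus"), so the permit_mynetworks entry in the 
configuration below, with mynetworks_style = host, most likely applies to it. 
It does not show what a remote client would receive.]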

Can anyone suggest a solution please.



The qmgr log entry looks like this

May 23 07:20:21 zeus.localhost postfix/qmgr[166]: 0AC18AE7532: 
from=<_www@zeus.localhost>, size=1600, nrcpt=1 (queue active)

and one of the attempted messages looks like this.


May 23 00:10:24 zeus.localhost postfix/smtp[10813]: ACF7FAE8961: 
to=<moff_yespas_1...@inmailwetrust.com>, 
relay=inmailwetrust.com[208.88.226.239]:25, delay=79990, 
delays=79987/1.8/0.99/0.13, dsn=4.0.0, status=deferred (host 
inmailwetrust.com[208.88.226.239] said: 451 Temporary local problem - please 
try later (in reply to RCPT TO command))


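Now, I can’t understand how that is even being sent if the system is not 
relaying anyway?

[Note: the envelope sender in the qmgr entry above, _www@zeus.localhost, is a 
local account name. That is consistent with the mail being submitted locally on 
the server rather than relayed over SMTP. The earlier log lines for the same 
queue ID, showing whether postfix/pickup or postfix/smtpd accepted the message, 
would confirm which it is.]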

What I’d really like to be able to do is block anyone from doing that in the 
first place. Regardless of whether it fails, I don’t want them to be able to 
do it at all.

This is my postconf -n output. If it helps


zeus:log robert$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb 
$daemon_directory/$process_name $process_id & sleep 5
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] 
blocked using $rbl_domain${rbl_reason?; $rbl_reason} - see http://$rbl_domain.
dovecot_destination_recipient_limit = 1
home_mailbox = Mail/Dovecot/
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mail_owner = _postfix
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 0
meta_directory = /etc/postfix
mydestination = localhost mail.$mydomain, www.$mydomain
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks, 
cidr:/etc/postfix/postscreen_access.cidr
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = no
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = ignore
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?10}${stress:300}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps = 
$smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net*3 
b.barracudacentral.org*2 bl.spameatingmonkey.net bl.spamcop.net 
spamtrap.trblspam.com dnsbl.sorbs.net=127.0.0.[2;3;6;7;10] ix.dnsbl.manitu.net 
bl.blocklist.de list.dnswl.org=127.0.[0..255].0*-1 
list.dnswl.org=127.0.[0..255].1*-2 list.dnswl.org=127.0.[0..255].[2..3]*-3 
iadb.isipp.com=127.0.[0..255].[0..255]*-2 iadb.isipp.com=127.3.100.[6..200]*-2 
wl.mailspike.net=127.0.0.[17;18]*-1 wl.mailspike.net=127.0.0.[19;20]*-2
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_ttl = 1h
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = ignore
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:6}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = no
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = no
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_use_tls = $smtpd_use_tls
postscreen_watchdog_timeout = 10s
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
shlib_directory = /usr/lib/postfix
smtp_sasl_auth_enable = no
smtp_sasl_mechanism_filter = plain
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtpd_client_restrictions = check_client_access 
hash:/etc/postfix/access,reject_rbl_client bl.spamcop.net,reject_rbl_client 
sbl-xbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client 
dnsbl.njabl.org,reject_rbl_client zen.spamhaus.org
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/access, 
check_client_access hash:/etc/postfix/access, permit_mynetworks, 
permit_sasl_authenticated, reject_unauth_destination, check_recipient_access 
hash:/etc/postfix/access, check_relay_domains
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, 
defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /private/etc/ssl/certs/sub.class1.server.ca.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /private/etc/ssl/certs/chalmers.com.au.crt
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /private/etc/ssl/private/chalmers.com.au.key
smtpd_tls_security_level = may
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_minimum_uid = 100
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:5000
zeus:log robert$ 



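And, if it’s of any help, here is the doveconf -n output. [Note: with 
auth_debug_passwords = yes and auth_verbose_passwords = plain, as shown below, 
the Dovecot log files can contain plaintext passwords and should be treated as 
sensitive.]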

zeus:log robert$ sudo doveconf -n
Password:
# 2.2.16: /usr/local/etc/dovecot/dovecot.conf
# OS: Darwin 14.3.0 x86_64  hfs
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot-debug.log
default_internal_user = _dovecot
default_login_user = _dovenull
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_max_userip_connections = 30
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
  separator = /
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  args = %s
  driver = pam
}
postmaster_address = postmas...@chalmers.com.au
service auth-worker {
  user = vmail
}
service auth {
  executable = /usr/local/libexec/dovecot/auth
  unix_listener /var/spool/postfix/private/auth {
    group = _postfix
    mode = 0600
    user = _postfix
  }
  user = _dovecot
}
service imap-login {
  executable = /usr/local/libexec/dovecot/imap-login
  inet_listener imap {
    address = *
    port = 143
  }
  inet_listener imaps {
    address = *
    port = 993
    ssl = yes
  }
  process_limit = 128
}
service imap {
  executable = /usr/local/libexec/dovecot/imap
  process_limit = 128
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = _postfix
    mode = 0660
    user = _postfix
  }
  unix_listener lmtp {
    group = _postfix
    mode = 0600
    user = _postfix
  }
}
service pop3-login {
  executable = /usr/local/libexec/dovecot/pop3-login
  inet_listener pop3 {
    address = *
    port = 110
  }
  inet_listener pop3s {
    address = *
    port = 995
    ssl = yes
  }
  process_limit = 128
}
service pop3 {
  executable = /usr/local/libexec/dovecot/pop3
  process_limit = 128
}
ssl_cert = </etc/ssl/certs/chalmers.com.au.crt
ssl_key = </etc/ssl/private/chalmers.com.au.key
ssl_require_crl = no
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  driver = static
}
userdb {
  driver = passwd
}
verbose_ssl = yes
protocol lmtp {
  mail_plugins = 
}
protocol lda {
  mail_plugins = " sieve"
  postmaster_address = postmas...@chalmers.com.au
}
zeus:log robert$ 





thanks

