> On 23 May 2015, at 10:03, Robert Chalmers <racu...@icloud.com> wrote: > And what is happening looks like this > > zeus:log robert$ telnet 192.168.0.15 25 > Trying 192.168.0.15... > Connected to zeus. > Escape character is '^]'. > 220 zeus.localhost ESMTP Postfix > helo inmailwetrust.com > 250 zeus.localhost > mail from: _www@zeus.localhost > 250 2.1.0 Ok > rcpt to: moff_yespas_1...@inmailwetrust.com > 250 2.1.5 Ok
If you connect locally (it looks like you are) then permit_mynetworks will allow relay. Did you try connecting in from another machine? Also are you sure this the same SMTP dialogue the spam used? > Now, that last response should be > 554 : Relay access denied > How do I stop people using my server like this? > > Can anyone suggest a solution please. > > The qmg message looks like this > > May 23 07:20:21 zeus.localhost postfix/qmgr[166]: 0AC18AE7532: > from=<_www@zeus.localhost>, size=1600, nrcpt=1 (queue active) > > and one of the attempted messages looks like this. > > > May 23 00:10:24 zeus.localhost postfix/smtp[10813]: ACF7FAE8961: > to=<moff_yespas_1...@inmailwetrust.com>, > relay=inmailwetrust.com[208.88.226.239]:25, delay=79990, > delays=79987/1.8/0.99/0.13, dsn=4.0.0, status=deferred (host > inmailwetrust.com[208.88.226.239] said: 451 Temporary local problem - please > try later (in reply to RCPT TO command)) This looks like a locally submitted mail. Possibly the _www user sent it? Thus permit_mynetworks would allow it. Could a service under the _www user have been manipulated into sending the email? Just a thought. Jason