Postfix/Relay and Spamming ???s

Discussion in 'Server Operation' started by SolidSnke, Feb 13, 2008.

  1. SolidSnke

    SolidSnke New Member

    Ok, here is my problem. I have been reading these forums for quite a while now. And since this has been happening, since the beginning of Feb, I have been actively searching through these forums to find something to help me resolve this issue.

    Here is the issue: I use a mail relay service for sending my email out. Works perfectly and I am very happy. I set up my server following the Debian Etch 4, with ISPConfig. So recently I have been being bombarded with requests to send emails. I have been noticing some are getting through. Below you see my mail.log of the issue.

    I have been noticing the sasl_username=test seems to be what they're using, but I have never set up a test account. Is this standard or did I miss something on this?

    Code:
    
    Feb 12 18:59:58 svr2 postfix/smtpd[4283]: warning: 87.127.167.31: hostname 87-127-167-31.no-dns-yet.enta.net verification failed: Name or service not known
    Feb 12 18:59:58 svr2 postfix/smtpd[4283]: connect from unknown[87.127.167.31]
    Feb 12 18:59:59 svr2 postfix/smtpd[4283]: F24009381D5: client=unknown[87.127.167.31], sasl_method=LOGIN, sasl_username=test
    Feb 12 19:00:12 svr2 postfix/cleanup[4287]: F24009381D5: message-id=<20080212235959.F24009381D5@svr2.*******.com>
    Feb 12 19:00:12 svr2 postfix/qmgr[18713]: F24009381D5: from=<[email protected]>, size=1631, nrcpt=50 (queue active)
    Feb 12 19:00:12 svr2 postfix/smtp[4295]: warning: database /etc/postfix/sasl_passwd.db is older than source file /etc/postfix/sasl_passwd
    Feb 12 19:00:12 svr2 postfix/smtpd[4283]: disconnect from unknown[87.127.167.31]
    Feb 12 19:00:13 svr2 postfix/smtp[4295]: certificate verification failed for relay.*******.com: num=18:self signed certificate
    Feb 12 19:00:14 svr2 postfix/smtpd[4283]: warning: 87.127.167.31: hostname 87-127-167-31.no-dns-yet.enta.net verification failed: Name or service not known
    Feb 12 19:00:14 svr2 postfix/smtpd[4283]: connect from unknown[87.127.167.31]
    Feb 12 19:00:16 svr2 postfix/smtpd[4283]: 02D439381D6: client=unknown[87.127.167.31], sasl_method=LOGIN, sasl_username=test
    Feb 12 19:00:27 svr2 postfix/cleanup[4287]: 02D439381D6: message-id=<20080213000016.02D439381D6@svr2.*******.com>
    Feb 12 19:00:27 svr2 postfix/qmgr[18713]: 02D439381D6: from=<[email protected]>, size=1631, nrcpt=50 (queue active)
    Feb 12 19:00:27 svr2 postfix/smtp[4300]: warning: database /etc/postfix/sasl_passwd.db is older than source file /etc/postfix/sasl_passwd
    Feb 12 19:00:28 svr2 postfix/smtp[4300]: certificate verification failed for relay.*******.com: num=18:self signed certificate
    Feb 12 19:00:28 svr2 postfix/smtpd[4283]: disconnect from unknown[87.127.167.31]
    Feb 12 19:00:30 svr2 postfix/smtpd[4283]: warning: 87.127.167.31: hostname 87-127-167-31.no-dns-yet.enta.net verification failed: Name or service not known
    Feb 12 19:00:30 svr2 postfix/smtpd[4283]: connect from unknown[87.127.167.31]
    Feb 12 19:00:31 svr2 postfix/smtpd[4283]: B23369381D7: client=unknown[87.127.167.31], sasl_method=LOGIN, sasl_username=test
    Feb 12 19:00:41 svr2 postfix/smtp[4300]: 02D439381D6: to=<[email protected]>, relay=relay.*******.com[64.182.102.185]:25, delay=25, delays=12/0.07/1.1/13, dsn=2.0.0, status=sent (250 2.0.0 m1D03lCP010255 Message accepted for delivery)
    Feb 12 19:00:41 svr2 postfix/smtp[4300]: 02D439381D6: to=<[email protected]>, relay=relay.*******.com[64.182.102.185]:25, delay=25, delays=12/0.07/1.1/13, dsn=2.0.0, status=sent (250 2.0.0 m1D03lCP010255 Message accepted for delivery)
    Feb 12 19:00:41 svr2 postfix/smtp[4300]: 02D439381D6: to=<[email protected]>, relay=relay.*******.com[64.182.102.185]:25, delay=25, delays=12/0.07/1.1/13, dsn=2.0.0, status=sent (250 2.0.0 m1D03lCP010255 Message accepted for delivery)
    Feb 12 19:00:41 svr2 postfix/smtp[4300]: 02D439381D6: to=<[email protected]>, relay=relay.*******.com[64.182.102.185]:25, delay=25, delays=12/0.07/1.1/13, dsn=2.0.0, status=sent (250 2.0.0 m1D03lCP010255 Message accepted for delivery)
    Feb 12 19:00:41 svr2 postfix/smtp[4300]: 02D439381D6: to=<[email protected]>, relay=relay.*******.com[64.182.102.185]:25, delay=25, delays=12/0.07/1.1/13, dsn=2.0.0, status=sent (250 2.0.0 m1D03lCP010255 Message accepted for delivery)
    
    
    Also I have taken and added irs.gov to the /etc/postfix/local-host-names as well to stop them sending mail with that. But I hate to block all these domains that could potentially come in if they're being spoofed.

    I am also noticing this line in there as well, could you tell me how to fix this please: Feb 12 19:00:27 svr2 postfix/smtp[4300]: warning: database /etc/postfix/sasl_passwd.db is older than source file /etc/postfix/sasl_passwd

    Any help would be appreciated.
     
  2. topdog

    topdog Active Member

    Running postmap on the file /etc/postfix/sasl_passwd will make the warnings go away.
     
  3. SolidSnke

    SolidSnke New Member

    I found the issue; it was me, as I did have a test account with no password set on this. Fixed and corrected.

    Cheers.
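
The pattern in this thread (an unexpected `sasl_username` authenticating from an unresolved client and queuing 50-recipient messages) can be spotted by joining the `smtpd` and `qmgr` lines on the queue ID. The following is an added example, not part of the original thread: the sample log lines are constructed in the same format, and `known_users` and `max_recipients` are assumed names and values to adapt to your own accounts.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same Postfix syslog format as the thread's log.
SAMPLE_LOG = """\
Feb 12 18:59:59 mx postfix/smtpd[4283]: AAA1111111: client=unknown[203.0.113.31], sasl_method=LOGIN, sasl_username=test
Feb 12 19:00:12 mx postfix/qmgr[18713]: AAA1111111: from=<a@example.com>, size=1631, nrcpt=50 (queue active)
Feb 12 19:00:16 mx postfix/smtpd[4283]: BBB2222222: client=unknown[203.0.113.31], sasl_method=LOGIN, sasl_username=test
Feb 12 19:00:27 mx postfix/qmgr[18713]: BBB2222222: from=<a@example.com>, size=1631, nrcpt=50 (queue active)
Feb 12 19:05:02 mx postfix/smtpd[4301]: CCC3333333: client=host.example.net[198.51.100.7], sasl_method=PLAIN, sasl_username=alice
Feb 12 19:05:03 mx postfix/qmgr[18713]: CCC3333333: from=<alice@example.com>, size=902, nrcpt=2 (queue active)
"""

AUTH_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=(\S+)\[([^\]]+)\], "
                     r"sasl_method=(\w+), sasl_username=(\S+)")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

def summarize_sasl_senders(log_text):
    """Join smtpd auth lines to qmgr lines by queue ID; total per SASL user."""
    queue_user = {}
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "clients": set()})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            qid, _host, ip, _method, user = m.groups()
            queue_user[qid] = user
            stats[user]["messages"] += 1
            stats[user]["clients"].add(ip)
            continue
        m = QMGR_RE.search(line)
        if m:
            # pop so a re-queued message ("queue active" logged again) counts once
            user = queue_user.pop(m.group(1), None)
            if user is not None:
                stats[user]["recipients"] += int(m.group(2))
    return dict(stats)

def flag_suspicious(stats, known_users, max_recipients=20):
    """Return SASL usernames that are unexpected or exceed the recipient budget."""
    return sorted(u for u, s in stats.items()
                  if u not in known_users or s["recipients"] > max_recipients)

if __name__ == "__main__":
    stats = summarize_sasl_senders(SAMPLE_LOG)
    for user in flag_suspicious(stats, known_users={"alice"}):
        s = stats[user]
        print(f"{user}: {s['messages']} msgs, {s['recipients']} rcpts from {sorted(s['clients'])}")
```

Run against a real `mail.log`, any flagged username that does not belong to a person or service you recognise is the account to disable or give a strong password, as the poster ended up doing.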
     
