Mailserver relay

Discussion in 'Server Operation' started by macka601, Mar 18, 2008.

  1. macka601

    macka601 New Member

    Hi,

    Trying to work out if my email server is being used in a relay style setup, as I'm getting a lot of spam that seems to have our domain name attached to the end.
    Or is it just that someone is spamming via another server with our domain name attached?

    I telnet to our server's port 25 from outside the network and it won't let me do a mail from:[email protected] to a rcpt to:[email protected] (says relaying is denied, which it should be). So I don't understand what is happening?

    Here's a snippet of what I think is the relay text in the log:

    Mar 19 11:27:59 reddwarf postfix/smtpd[32255]: connect from localhost[127.0.0.1]
    Mar 19 11:27:59 reddwarf postfix/smtpd[32255]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<server.ourdomainname.com>
    Mar 19 11:27:59 reddwarf postfix/smtpd[32258]: initializing the server-side TLS engine
    Mar 19 11:27:59 reddwarf postfix/smtpd[32258]: connect from localhost[127.0.0.1]
    Mar 19 11:27:59 reddwarf postfix/smtpd[32258]: 884E3168088: client=localhost[127.0.0.1]
    Mar 19 11:27:59 reddwarf postfix/cleanup[32260]: 884E3168088: message-id=<[email protected]>
    Mar 19 11:27:59 reddwarf postfix/qmgr[29865]: 884E3168088: from=<>, size=3720, nrcpt=1 (queue active)
    Mar 19 11:27:59 reddwarf postfix/smtpd[32258]: disconnect from localhost[127.0.0.1]
    Mar 19 11:27:59 reddwarf postfix/smtpd[32255]: 9C325168089: client=localhost[127.0.0.1]
    Mar 19 11:27:59 reddwarf postfix/cleanup[32260]: 9C325168089: message-id=<[email protected]>
    Mar 19 11:27:59 reddwarf postfix/qmgr[29865]: 9C325168089: from=<[email protected]>, size=3848, nrcpt=1 (queue active)
    Mar 19 11:27:59 reddwarf postfix/virtual[32265]: 9C325168089: to=<[email protected]>, orig_to=<[email protected]>, relay=virtual, delay=0.36, delays=0.31/0.02/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
    Mar 19 11:27:59 reddwarf postfix/qmgr[29865]: 9C325168089: removed
    Mar 19 11:27:59 reddwarf postfix/smtpd[32255]: disconnect from localhost[127.0.0.1]
    Mar 19 11:27:59 reddwarf postfix/smtpd[32258]: 884E3168088: client=localhost[127.0.0.1]
    Mar 19 11:27:59 reddwarf postfix/cleanup[32260]: 884E3168088: message-id=<[email protected]>
    Mar 19 11:27:59 reddwarf postfix/qmgr[29865]: 884E3168088: from=<>, size=3720, nrcpt=1 (queue active)
    Mar 19 11:27:59 reddwarf postfix/smtpd[32258]: disconnect from localhost[127.0.0.1]
    Mar 19 11:27:59 reddwarf postfix/smtpd[32255]: 9C325168089: client=localhost[127.0.0.1]
    Mar 19 11:27:59 reddwarf postfix/cleanup[32260]: 9C325168089: message-id=<[email protected]>
    Mar 19 11:27:59 reddwarf postfix/qmgr[29865]: 9C325168089: from=<[email protected]>, size=3848, nrcpt=1 (queue active)
    Mar 19 11:27:59 reddwarf postfix/virtual[32265]: 9C325168089: to=<[email protected]>, orig_to=<[email protected]>, relay=virtual, delay=0.36, delays=0.31/0.02/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
    Mar 19 11:27:59 reddwarf postfix/qmgr[29865]: 9C325168089: removed
    Mar 19 11:27:59 reddwarf postfix/smtpd[32255]: disconnect from localhost[127.0.0.1]
    Mar 19 11:28:05 reddwarf postfix/smtp[32264]: 884E3168088: to=<[email protected]>, relay=mx.cc.imperial.ac.uk[155.198.5.151]:25, delay=6.4, delays=0.11/0.02/2/4.3, dsn=2.0.0, status=sent (250 OK id=1JbkHp-0007Wl-R9)
    Mar 19 11:28:05 reddwarf postfix/qmgr[29865]: 884E3168088: removed
    rt if necessary)
    Mar 19 11:30:02 reddwarf postfix/smtpd[32462]: initializing the server-side TLS engine
    Mar 19 11:30:02 reddwarf postfix/smtpd[32462]: connect from localhost[127.0.0.1]
    Mar 19 11:30:02 reddwarf postfix/smtpd[32462]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<server.ourdomainname.com>
    Mar 19 11:30:02 reddwarf postfix/smtpd[32467]: initializing the server-side TLS engine
    Mar 19 11:30:02 reddwarf postfix/smtpd[32467]: connect from localhost[127.0.0.1]
    Mar 19 11:30:02 reddwarf postfix/smtpd[32467]: 8D51C168088: client=localhost[127.0.0.1]
    Mar 19 11:30:02 reddwarf postfix/cleanup[32469]: 8D51C168088: message-id=<[email protected]>
    Mar 19 11:30:02 reddwarf postfix/smtpd[32467]: disconnect from localhost[127.0.0.1]
    Mar 19 11:30:02 reddwarf postfix/qmgr[29865]: 8D51C168088: from=<>, size=3272, nrcpt=1 (queue active)
    Mar 19 11:30:02 reddwarf postfix/smtpd[32462]: A5057168089: client=localhost[127.0.0.1]
    Mar 19 11:30:02 reddwarf postfix/cleanup[32469]: A5057168089: message-id=<[email protected]>
    Mar 19 11:30:02 reddwarf postfix/qmgr[29865]: A5057168089: from=<[email protected]>, size=3249, nrcpt=1 (queue active)
    Mar 19 11:30:02 reddwarf postfix/virtual[32474]: A5057168089: to=<[email protected]>, orig_to=<[email protected]>, relay=virtual, delay=0.35, delays=0.31/0.02/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
    Mar 19 11:30:02 reddwarf postfix/qmgr[29865]: A5057168089: removed
    Mar 19 11:30:02 reddwarf postfix/smtpd[32462]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<server.ourdomainname.com>
    Mar 19 11:30:02 reddwarf postfix/smtpd[32467]: connect from localhost[127.0.0.1]
    Mar 19 11:30:02 reddwarf postfix/smtpd[32467]: D3B21168089: client=localhost[127.0.0.1]
    Mar 19 11:30:02 reddwarf postfix/cleanup[32469]: D3B21168089: message-id=<[email protected]>
    Mar 19 11:30:02 reddwarf postfix/qmgr[29865]: D3B21168089: from=<>, size=3286, nrcpt=1 (queue active)
    Mar 19 11:30:02 reddwarf postfix/smtpd[32467]: disconnect from localhost[127.0.0.1]
    Mar 19 11:30:02 reddwarf postfix/smtpd[32462]: EA16C16808A: client=localhost[127.0.0.1]
    Mar 19 11:30:03 reddwarf postfix/cleanup[32469]: EA16C16808A: message-id=<[email protected]>
    Mar 19 11:30:03 reddwarf postfix/qmgr[29865]: EA16C16808A: from=<[email protected]>, size=3321, nrcpt=1 (queue active)
    Mar 19 11:30:03 reddwarf postfix/virtual[32474]: EA16C16808A: to=<[email protected]>, orig_to=<[email protected]>, relay=virtual, delay=0.2, delays=0.19/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
    Mar 19 11:30:03 reddwarf postfix/qmgr[29865]: EA16C16808A: removed
    Mar 19 11:30:03 reddwarf postfix/smtpd[32462]: disconnect from localhost[127.0.0.1]
    Mar 19 11:30:16 reddwarf postfix/smtp[32476]: D3B21168089: to=<[email protected]>, relay=mail0.tempur.co.uk[83.244.135.147]:25, delay=14, delays=0.08/0.02/12/1.6, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> Queued mail for delivery)
    Mar 19 11:30:16 reddwarf postfix/qmgr[29865]: D3B21168089: removed
    Mar 19 11:30:20 reddwarf postfix/smtp[32473]: 8D51C168088: to=<[email protected]>, relay=mail0.tempur.co.uk[83.244.135.147]:25, delay=18, delays=0.13/0.03/17/1.3, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> Queued mail for delivery)
    Mar 19 11:30:20 reddwarf postfix/qmgr[29865]: 8D51C168088: removed



    Grant
     
    Last edited: Mar 18, 2008
  2. falko

    falko Super Moderator Howtoforge Staff

    That's possible. It's a weakness of the SMTP protocol - it allows you to set whatever sender address you'd like to use, even if you don't own it.
     
  3. macka601

    macka601 New Member

    Thanks Falko,
    Mostly I was worried that we were being used as some sort of relay host, but I have since been able to get Postfix to deny that.

    Will keep an eye out, I guess.

    Grant
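
Added example (not part of the thread, and not code from either poster): grouping Postfix log lines by queue ID, in the format of the log posted above, separates mail relayed for an outside client from a null-sender bounce going out to a forged address. The sample lines, queue IDs, addresses and the trusted-network list are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (addresses are placeholders).
SAMPLE_LOG = """\
Mar 19 11:30:02 mx postfix/smtpd[101]: AAA1110001: client=localhost[127.0.0.1]
Mar 19 11:30:02 mx postfix/qmgr[100]: AAA1110001: from=<>, size=3272, nrcpt=1 (queue active)
Mar 19 11:30:20 mx postfix/smtp[102]: AAA1110001: to=<a@example.net>, relay=mail.example.net[198.51.100.7]:25, delay=18, dsn=2.6.0, status=sent (250 ok)
Mar 19 11:30:02 mx postfix/smtpd[103]: BBB2220002: client=localhost[127.0.0.1]
Mar 19 11:30:02 mx postfix/qmgr[100]: BBB2220002: from=<b@example.org>, size=3249, nrcpt=1 (queue active)
Mar 19 11:30:02 mx postfix/virtual[104]: BBB2220002: to=<info@example.com>, relay=virtual, delay=0.35, dsn=2.0.0, status=sent (delivered to maildir)
Mar 19 11:31:10 mx postfix/smtpd[105]: CCC3330003: client=unknown[203.0.113.9]
Mar 19 11:31:10 mx postfix/qmgr[100]: CCC3330003: from=<c@example.org>, size=900, nrcpt=1 (queue active)
Mar 19 11:31:12 mx postfix/smtp[106]: CCC3330003: to=<d@example.net>, relay=mail.example.net[198.51.100.7]:25, delay=2, dsn=2.0.0, status=sent (250 ok)
"""

# Assumed trusted networks (what mynetworks would normally cover).
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def parse(log):
    """Group log lines by queue ID into client IP, envelope sender, delivery agents."""
    msgs = defaultdict(lambda: {"client": None, "sender": None, "agents": set()})
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # NOQUEUE rejects, connect/disconnect lines, etc.
        service, qid, rest = m.groups()
        if (c := re.match(r"client=\S*\[([^\]]+)\]", rest)):
            msgs[qid]["client"] = c.group(1)
        elif (f := re.match(r"from=<([^>]*)>", rest)):
            msgs[qid]["sender"] = f.group(1)
        elif rest.startswith("to=<") and "status=sent" in rest:
            msgs[qid]["agents"].add(service)  # smtp = remote, virtual/local = mailbox
    return dict(msgs)

def classify(msg):
    if "smtp" not in msg["agents"]:
        return "local-delivery"
    ip = msg["client"]
    if ip and not any(ipaddress.ip_address(ip) in net for net in TRUSTED):
        return "relayed-for-untrusted-client"  # what an open relay looks like
    if msg["sender"] == "":
        return "bounce-to-remote"  # backscatter to a forged sender address
    return "outbound-from-trusted-client"

def report(log=SAMPLE_LOG):
    return {qid: classify(m) for qid, m in parse(log).items()}
```

Calling `report()` on a real mail log gives one verdict per queue ID; messages injected from localhost by a content filter show the filter as client, so the original client has to be read from the earlier hop.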
     
