Hi all, I have noticed these mail logs. What's that?
Oct 31 01:21:58 server1 postfix/smtp[31508]: 363B03326D0: to=<nnatbcmejjm@blackstockphotos.com>, relay=mailserver.blackstockphotos.com[213.171.216.65], delay=2, status=bounced (host mailserver.blackstockphotos.com[213.171.216.65] said: 552
Oct 31 00:23:51 server1 postfix/smtp[29728]: 754183326CE: to=<edu@sexyadultworld.com>, relay=sexyadultworld.com[62.141.48.86], delay=2, status=sent (250 Data received OK.)
They connect without auth? Formmail probably? How can I know if this is from formmail?
Thanks in advance

1) Test that your server is not an open relay: http://www.abuse.net/relay.html
2) If you have an insecure mail form on your server, there is no authentication needed for sending mails through this form, as the origin of the mails is localhost and localhost is a trusted domain that doesn't need to authenticate.

Hi, I have the same problem... My mailserver is working like hell sending mails..
web1:~ # postconf -d|grep mynetworks
mynetworks = 127.0.0.0/8 192.168.1.0/24
mynetworks_style = subnet
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
web1:~ # postconf -n|grep mynetworks
mynetworks_style = subnet
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

The settings are fine so far. The way to find the origin of the mails is to inspect them with postcat as I described in your other thread:
http://www.howtoforge.com/forums/showthread.php?t=7766&highlight=postcat
I guess you checked that the spam is not sent from your local network "192.168.1.0/24".

This is my output:
postconf -d | grep mynetworks
mynetworks = 127.0.0.0/8 192.168.1.0/24
mynetworks_style = subnet
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
postconf -n | grep mynetworks
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
I've checked the server and it is not an open relay ... any help would be much appreciated.
Thanks in advance

That's the right setting, so your mail server is no open relay. So I guess Till is right: Check your web applications for email forms, guest books, etc. that send emails. Probably a weakness in one of those scripts is used by spammers...
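
The question above was how to tell whether the outgoing mail came from a web form. As an added example (not posted by anyone in this thread), the Python script below joins Postfix log lines on the queue ID to show how each message entered the queue: a postfix/pickup line means local submission through the sendmail command, a postfix/smtpd line means an SMTP client. The log lines are constructed, and reading uid 33 as the web server account is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (hosts, IDs and addresses are made up).
SAMPLE_LOG = """\
Oct 31 00:23:49 server1 postfix/pickup[29701]: 1A2B3C4D5E: uid=33 from=<www-data>
Oct 31 00:23:51 server1 postfix/smtp[29728]: 1A2B3C4D5E: to=<a@example.net>, relay=mx.example.net[192.0.2.10], delay=2, status=sent (250 OK)
Oct 31 00:23:51 server1 postfix/smtp[29728]: 1A2B3C4D5E: to=<b@example.net>, relay=mx.example.net[192.0.2.10], delay=2, status=sent (250 OK)
Oct 31 01:21:56 server1 postfix/smtpd[31500]: 2B3C4D5E6F: client=localhost[127.0.0.1]
Oct 31 01:21:58 server1 postfix/smtp[31508]: 2B3C4D5E6F: to=<c@example.org>, relay=mx.example.org[192.0.2.20], delay=2, status=bounced (host mx.example.org[192.0.2.20] said: 552 rejected)
Oct 31 02:00:01 server1 postfix/smtpd[31600]: 3C4D5E6F7A: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=user1
Oct 31 02:00:03 server1 postfix/smtp[31601]: 3C4D5E6F7A: to=<d@example.com>, relay=mx.example.com[192.0.2.30], delay=2, status=sent (250 OK)
Oct 31 02:05:00 server1 postfix/smtpd[31700]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 554 Relay access denied
"""

# daemon name, queue ID (hex), remainder of the line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def classify_origins(log_text):
    """Join log lines on the queue ID; return {qid: {"origin": str, "recipients": [str]}}."""
    msgs = defaultdict(lambda: {"origin": "unknown", "recipients": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # no queue ID (e.g. NOQUEUE rejects, connect/disconnect lines)
        daemon, qid, rest = m.groups()
        if daemon == "pickup":
            # Local submission through the sendmail binary, typical for web scripts.
            uid = re.search(r"uid=(\d+)", rest)
            msgs[qid]["origin"] = "local uid=" + (uid.group(1) if uid else "?")
        elif daemon == "smtpd" and rest.startswith("client="):
            client = re.match(r"client=([^,\s]+)", rest).group(1)
            sasl = re.search(r"sasl_username=([^,\s]+)", rest)
            who = f"sasl={sasl.group(1)} " if sasl else ""
            msgs[qid]["origin"] = f"smtp {who}{client}"
        elif daemon == "smtp":
            to = re.search(r"to=<([^>]*)>", rest)
            if to:
                msgs[qid]["recipients"].append(to.group(1))
    return dict(msgs)

def local_senders(log_text):
    """Queue IDs that did not arrive from a remote SMTP client (script or localhost)."""
    return sorted(q for q, m in classify_origins(log_text).items()
                  if m["origin"].startswith("local") or "[127.0.0.1]" in m["origin"])

if __name__ == "__main__":
    for qid, info in classify_origins(SAMPLE_LOG).items():
        print(qid, info["origin"], len(info["recipients"]), "recipient(s)")
```

To use it on a real server, pass the contents of the mail log to classify_origins; a queue ID reported as local can then be inspected with postcat as suggested above.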