
How do I deal with unknown addresses in my postfix log?


Henrik B A
Nov 25, 2016, 4:02:24 AM
It seems that mail from unknown recipients/senders is being sent through my postfix server. I see a lot of entries like this, with different shady addresses:

Nov 24 15:32:35 XXXXX postfix/smtpd[12363]: 34108BA48C6: client=localhost[127.0.0.1]
Nov 24 15:32:35 XXXXX postsrsd[13736]: srs_forward: <Bran...@fortalezatours.com> rewritten as <SRS0+FZUn=XJ=fortalezatours.com=Bran...@YYYYY.ZZ>
Nov 24 15:32:35 XXXXX postfix/cleanup[13735]: 34108BA48C6: message-id=<01FBBAEAA1755AA9...@fortalezatours.com>
Nov 24 15:32:35 XXXXX postfix/qmgr[12188]: 34108BA48C6: from=<SRS0+FZUn=XJ=fortalezatours.com=Bran...@YYYYY.ZZ>, size=1196, nrcpt=1 (queue active)
Nov 24 15:32:35 XXXXX amavis[13918]: (13918-01) Passed CLEAN {RelayedOpenRelay}, [222.92.30.22]:49947 [222.92.30.22] <Bran...@fortalezatours.com> -> <liz...@ukr.net>, Queue-ID: 8F805BA48C7, Message-ID: <01FBBAEAA1755AA9...@fortalezatours.com>, mail_id: qF8LOG1vGb3f, Hits: 2.58, size: 768, queued_as: 34108BA48C6, 2235 ms
Nov 24 15:32:35 XXXXX postfix/smtp[13887]: 8F805BA48C7: to=<liz...@ukr.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.3, delays=2.4/0/0.84/2.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 34108BA48C6)
Nov 24 15:32:35 XXXXX postfix/smtp[13676]: 34108BA48C6: to=<liz...@ukr.net>, relay=mxs.ukr.net[212.42.77.251]:25, delay=0.25, delays=0.17/0/0.04/0.04, dsn=2.0.0, status=sent (250 OK id=1c9v4l-000JFT-EP)
Nov 24 15:32:35 XXXXX postfix/qmgr[12188]: 34108BA48C6: removed
(My server name and domain are replaced with XXXXX and YYYYY.ZZ)

I don't have an open relay (relayhost= is set in main.cf), and I have a proper SPF record ("v=spf1 a mx ?all"). What more do I need to do?

Cheers,
Henrik
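Added example, not part of the thread: a small Python script that does what the question is really asking for, namely telling relayed messages apart in a postfix/amavis log. The amavis line carries the policy tag ({RelayedOpenRelay} means amavis saw a client that was not in an originating network sending to a recipient that is not in its local domains), the original Queue-ID and the ID the message was re-queued under after the content filter. The script joins those IDs back to the smtpd line that accepted the original message, so you see the real client rather than the localhost re-injection, and flags anything where an external client sent to a non-local domain. The sample input reuses the lines quoted above plus one constructed smtpd line for 8F805BA48C7 (the post does not show it); LOCAL_DOMAINS and MYNETWORKS are assumed placeholder values.

```python
import ipaddress
import re

# Constructed sample input: the postfix/amavis lines quoted in the post, plus
# one constructed smtpd line for the original queue ID 8F805BA48C7 (the post
# shows only the re-injected copy 34108BA48C6, whose client is localhost).
SAMPLE_LOG = """\
Nov 24 15:32:30 XXXXX postfix/smtpd[12300]: 8F805BA48C7: client=unknown[222.92.30.22]
Nov 24 15:32:35 XXXXX postfix/smtpd[12363]: 34108BA48C6: client=localhost[127.0.0.1]
Nov 24 15:32:35 XXXXX amavis[13918]: (13918-01) Passed CLEAN {RelayedOpenRelay}, [222.92.30.22]:49947 [222.92.30.22] <Bran...@fortalezatours.com> -> <liz...@ukr.net>, Queue-ID: 8F805BA48C7, Message-ID: <01FBBAEAA1755AA9...@fortalezatours.com>, mail_id: qF8LOG1vGb3f, Hits: 2.58, size: 768, queued_as: 34108BA48C6, 2235 ms
Nov 24 15:32:35 XXXXX postfix/smtp[13676]: 34108BA48C6: to=<liz...@ukr.net>, relay=mxs.ukr.net[212.42.77.251]:25, delay=0.25, delays=0.17/0/0.04/0.04, dsn=2.0.0, status=sent (250 OK id=1c9v4l-000JFT-EP)
"""

# Assumed site values: the poster's placeholder domains and a loopback-only mynetworks.
LOCAL_DOMAINS = {"yyyyy.zz", "xxxxx.no"}
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]

# smtpd logs the accepting client once per queue ID; amavis logs the verdict, the
# policy tag, both envelope addresses, the original Queue-ID and the re-queued ID.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]")
AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) Passed \S+ \{(?P<tag>[^}]+)\},"
    r".*?<(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>"
    r".*?Queue-ID: (?P<qid>[0-9A-F]+)"
    r"(?:.*?queued_as: (?P<new_qid>[0-9A-F]+))?")


def domain_of(addr):
    """Domain part of an envelope address, lower-cased ('' for the null sender)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def in_mynetworks(ip):
    """True if ip lies inside one of the trusted mynetworks ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in MYNETWORKS)


def analyse(log_text):
    """One finding per amavis verdict line, joined to the smtpd line that accepted the message."""
    clients = {}  # queue ID -> (hostname, ip) of the submitting client
    findings = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m["qid"]] = (m["host"], m["ip"])
            continue
        m = AMAVIS_RE.search(line)
        if not m:
            continue
        host, ip = clients.get(m["qid"], ("?", "?"))
        rcpt_domain = domain_of(m["rcpt"])
        reasons = []
        if m["tag"] == "RelayedOpenRelay":
            reasons.append("amavis tagged it RelayedOpenRelay (client not originating, recipient not local)")
        if rcpt_domain not in LOCAL_DOMAINS:
            if ip == "?":
                reasons.append(f"non-local recipient and no smtpd line for {m['qid']} in this window")
            elif not in_mynetworks(ip):
                reasons.append(f"client {ip} is outside mynetworks and {rcpt_domain} is not one of our domains")
        findings.append({
            "orig_qid": m["qid"], "reinjected_qid": m["new_qid"],
            "client": f"{host}[{ip}]", "sender": m["sender"], "rcpt": m["rcpt"],
            "tag": m["tag"], "suspicious": bool(reasons), "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        status = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{status} {f['orig_qid']} (requeued as {f['reinjected_qid']}) from {f['client']}: "
              f"{f['sender']} -> {f['rcpt']} [{f['tag']}] {'; '.join(f['reasons'])}")
```

Feed it a whole mail.log rather than a grep for one queue ID: the smtpd line for the original message can be seconds earlier than the amavis line, and Postfix reuses queue IDs over time, so keep the correlation within one log file or a bounded window. If the smtpd line for the original ID shows sasl_username=, the message was relayed by an authenticated account, which is a different problem from an open relay.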

Rob Brown
Nov 25, 2016, 2:39:11 PM
On 2016-11-25, Henrik B A <henrik....@gmail.com> wrote:
>
> I don't have an open relay (relayhost= is set in main.cf),

I don't think that that is what the relayhost setting does.

Relayhost specifies where to send mail if there is no matching entry in the
transport map. I suppose if there is no relayhost and no transport map, mail
will be sent directly to the recipient.

See relay_domains and transport_maps.

At our shop, we had to relay mail through our outside facing postfix to our
inside mail servers. We used the relay_recipients file to make sure that
unknown recipients were not relayed. See relay_recipient_maps.

hth

Henrik B A
Nov 26, 2016, 8:01:16 AM
> See relay_domains and transport_maps.

Hmm, neither of those is set. Never mind, here's my full main.cf (with some obfuscation):

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/mail.XXXXX.no.crt
smtpd_tls_key_file=/etc/ssl/private/mail.XXXXX.no.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = ZZZZZ.XXXXX.no
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = XXXXX.no, ZZZZZ.XXXXX.no, mail.XXXXX.no, localhost.XXXXX.no, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_domains =
    WWWWW.no,
    VVVVV.no
virtual_maps = hash:/etc/postfix/virtual
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_tls_auth_only = yes
content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_pipelining,
    reject_rbl_client zen.spamhaus.org,
message_size_limit = 50000000
smtp_generic_maps = hash:/etc/postfix/generic
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
sender_canonical_maps = tcp:127.0.0.1:10001
recipient_canonical_maps = tcp:127.0.0.1:10002
sender_canonical_classes = envelope_sender
recipient_canonical_classes = envelope_recipient

Is there anything more I should do to prevent those obviously dubious emails from being passed through my server? (Btw, sender/recipient_canonical_maps point to postsrsd so that forwarding works properly.)

Cheers,
Henrik
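Added example, not from the thread, covering both Rob's point that relayhost does not decide who may relay and the main.cf Henrik posted: a Python main.cf reader that honours whitespace-indented continuation lines (the virtual_alias_domains and smtpd_client_restrictions blocks above depend on that) followed by a relay audit. The audit checks that smtpd_relay_restrictions or smtpd_recipient_restrictions rejects unauthorised destinations with nothing broader than permit_mynetworks/permit_sasl_authenticated ahead of it, that every mynetworks entry is loopback or private space, and reports relayhost and SASL as informational notes. The embedded config is the relay-relevant subset of the posted one; the TRUSTED ranges and the check logic are my choices, not anything Postfix ships.

```python
import ipaddress
import re

# Relay-relevant subset of the main.cf posted above (same obfuscation), with
# continuation lines indented as Postfix requires.
MAIN_CF = """\
myhostname = ZZZZZ.XXXXX.no
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
virtual_alias_domains =
    WWWWW.no,
    VVVVV.no
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_pipelining,
    reject_rbl_client zen.spamhaus.org,
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
"""

# Ranges this audit (my choice, not a Postfix default) accepts as trusted in mynetworks.
TRUSTED = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]
GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}
SAFE_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated", "permit_auth_destination"}
RELAY_LISTS = ("smtpd_relay_restrictions", "smtpd_recipient_restrictions")


def parse_main_cf(text):
    """Read 'name = value' lines; a line starting with whitespace continues the previous value."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            if current is None:
                raise ValueError(f"continuation line with no parameter before it: {raw!r}")
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        current = name.strip()
        params[current] = value.strip()
    return params


def split_list(value):
    """Postfix lists are separated by commas and/or whitespace."""
    return [t for t in re.split(r"[,\s]+", value) if t]


def trusted_network(entry):
    """True/False for a CIDR entry (IPv4-mapped IPv6 is folded to IPv4); None if not a literal."""
    try:
        net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
    except ValueError:
        return None  # hash:/... table, hostname, etc.
    mapped = getattr(net.network_address, "ipv4_mapped", None)
    if mapped is not None and net.prefixlen >= 96:
        net = ipaddress.ip_network(f"{mapped}/{net.prefixlen - 96}", strict=False)
    return any(net.subnet_of(t) for t in TRUSTED if t.version == net.version)


def audit_relay(params):
    """Return (severity, message) findings about who this config lets relay."""
    findings = []
    if not params.get("relayhost"):
        findings.append(("info", "relayhost is empty, so mail goes straight to the recipient's MX; "
                                 "relayhost only picks the next hop and never decides who may relay"))
    guarded = {}
    for name in RELAY_LISTS:
        tokens = split_list(params.get(name, ""))
        guard = next((i for i, t in enumerate(tokens) if t in GUARDS), None)
        guarded[name] = guard is not None
        if guard is None:
            continue
        for t in tokens[:guard]:
            if t.startswith("permit") and t not in SAFE_PERMITS:
                findings.append(("error", f"{name}: '{t}' before reject_unauth_destination permits relaying"))
    if not any(guarded.values()):
        findings.append(("error", "neither smtpd_relay_restrictions nor smtpd_recipient_restrictions "
                                  "rejects unauthorised destinations: this is an open relay"))
    if "mynetworks" not in params:
        findings.append(("review", "mynetworks is not set; the trusted set comes from mynetworks_style"))
    for entry in split_list(params.get("mynetworks", "")):
        ok = trusted_network(entry)
        if ok is None:
            findings.append(("review", f"mynetworks entry '{entry}' is not a CIDR literal; check its contents"))
        elif not ok:
            findings.append(("error", f"mynetworks grants relay rights to non-private range {entry}"))
    if params.get("smtpd_sasl_auth_enable", "no").lower() == "yes":
        findings.append(("info", "SASL is enabled: any authenticated account may relay anywhere, so relayed "
                                 "mail whose smtpd line shows sasl_username= points at a compromised password"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_relay(parse_main_cf(MAIN_CF)):
        print(f"[{severity}] {message}")
```

On the posted configuration the audit produces no errors: both restriction lists end in reject_unauth_destination and mynetworks is loopback only, which is the same conclusion a reader of the thread would reach. A config that matters is also in master.cf, where a submission or smtps service can override these lists with -o options, so run the same checks on whatever postconf -n and master.cf actually give you, not on main.cf alone.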

Rob Brown
Nov 28, 2016, 3:52:13 PM
On 2016-11-26, Henrik B A <henrik....@gmail.com> wrote:
>
> Is there anything more I should do ...

Well, we have now exceeded my expertise. When I was trying to figure this stuff
out, many years ago, I found the documentation at http://www.postfix.org useful.
Googling postfix open relay can also be entertaining.

Good luck.
