I didn't have a problem until recently. I was running an older version,
199906something and everything was working fine until some a**hole in
Taiwan started using me to relay spam last week.
I have been fighting all day to get upgraded to postfix 19991231-pl05 and
I think I have most of it at least working again except I can't get local
delivery to work. I keep getting messages either saying that everyone
on the host is an unknown user or messages about looping back to myself.
With this great documentation, especially now that we don't even have the
comments in the main.cf file, after tearing my hair out for the last nine
hours, I am about ready to flush the whole thing and go back to sendmail
(shudder at the thought).
I can't even get help from this mailing list because my email address for
the list is on the machine that won't do local delivery.
If anyone can possibly give me a pointer, please email me at
rp...@micron.net . Thanks
--Richard
On 22 Mar 00, at 10:28, David Brueckmann wrote:
> Hi...
>
> I'm unsure about configuring postfix in the following way:
> - Accept all mails for recipient-domains listed in virtual_maps
> - Relay all mails with envelope-from-addresses with domains
> listed in virtual_maps.
> - Reject everything else.
>
> I know... this is not the best way to keep off spammers - but
> the only acceptable to me.
>
> bye, david
>
------------------------------
Richard B. Pyne, KB7RMU
rp...@kinfolk.org
http://pyne.kinfolk.org/rbp2
I'm not surprised -- such theft-of-service attacks are inevitable if you
do not take at least basic steps to protect your SMTP servers.
Using the IP number to authorise mail relay depends upon the fact that
in order to be allocated that IP number the user had to have been
authenticated in some hopefully secure manner.
You can use any other form of authentication to authorise your users if
you don't provide their direct connections and thus allocate the IP
numbers they are connecting from. However you MUST use some form of
authentication and if you're not using SMTP-AUTH then this
authentication *MUST* be obtained out-of-band from the ordinary SMTP
connection the user has opened to initiate the mail relay.
You might consider using the WHOSON daemon as a source of authorisation
information and you can feed it with any form of authentication service
that you find suitable to use in your situation, such as from a POP/IMAP
server (POP-before-SMTP), or from a separate authentication service such
as RADIUS or something else of your own (hopefully secure) design.
http://www.average.org/whoson/
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwo...@acm.org> <robohack!woods>
Planix, Inc. <wo...@planix.com>; Secrets of the Weird <wo...@weird.com>
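
The relay rule described in the message above, sketched as an added example (not part of any poster's message, and not Postfix or WHOSON code): relaying is authorised by the client IP, either one the operator allocated or one recently authenticated out-of-band, and the envelope sender is never consulted. The class and function names, the 600-second window and all addresses are assumptions constructed for illustration.

```python
import ipaddress

class RelayPolicy:
    """Authorise relaying by client IP, never by envelope sender."""

    def __init__(self, local_domains, own_networks, window=600):
        self.local_domains = {d.lower() for d in local_domains}
        self.own_networks = [ipaddress.ip_network(n) for n in own_networks]
        self.window = window      # seconds a login keeps an IP authorised
        self.logins = {}          # client IP -> time of last successful login

    def record_login(self, client_ip, now):
        """Fed by the POP/IMAP or RADIUS side after a successful login."""
        self.logins[client_ip] = now

    def decide(self, client_ip, mail_from, rcpt_to, now):
        # mail_from is accepted but deliberately unused: the client picks it.
        if rcpt_to.rsplit("@", 1)[-1].lower() in self.local_domains:
            return "accept"       # inbound mail for a domain hosted here
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.own_networks):
            return "relay"        # address we allocated to a known user
        stamp = self.logins.get(client_ip)
        if stamp is not None and now - stamp <= self.window:
            return "relay"        # authenticated out-of-band, still fresh
        self.logins.pop(client_ip, None)   # expired: IP may be someone else's now
        return "reject"

def demo():
    # Constructed sample data: documentation-range IPs, example domains.
    policy = RelayPolicy(["example.org"], ["192.0.2.0/24"], window=600)
    policy.record_login("198.51.100.7", now=1000)
    cases = [
        ("203.0.113.9", "stranger@example.net", "user@example.org", 1000),
        ("192.0.2.10", "user@example.org", "friend@example.net", 1000),
        ("198.51.100.7", "user@example.org", "friend@example.net", 1300),
        ("198.51.100.7", "user@example.org", "friend@example.net", 1700),
        ("203.0.113.9", "user@example.org", "third@example.net", 1000),
    ]
    return [policy.decide(*c) for c in cases]

if __name__ == "__main__":
    print(demo())
```

The last case carries a sender address in the hosted domain but comes from an unknown IP, so it is rejected; the fourth shows the login expiring after the window.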
Both of these issues are covered in the FAQ. Have you checked there
yet? (You can still web browse, right? :-))
>
> With this great documentation, ...
??? Not sure whether that was sarcasm or not. Postfix's docs aren't
perfect. But they're certainly better than some I've seen. And other
than the occasional RTFM, the "residents" here are generally a pretty
patient bunch, *I* think.
>
> I can't even get help from this mailing list because my email address for
> the list is on the machine that won't do local delivery.
>
> If anyone can possibly give me a pointer, please email me at
> rp...@micron.net . Thanks
You had set Reply-to to the non-functional address. I've replied to
the mailing list, to what your Reply-to said you wanted and to the
address above. Hope that's sufficient.
Regards,
Jim
--
Jim Seymour | PGP Public Key available at:
jsey...@LinxNet.com | http://www.cam.ac.uk.pgp.net/pgpnet/wwwkeys.html
http://home.msen.com/~jimsun | http://www.trustcenter.de/cgi-bin/SearchCert.cgi