Re: Using My Box to Relay Spam

From: Hal Burgiss (hal@burgiss.net)
Date: 05/01/02


From: Hal Burgiss <hal@burgiss.net>
Date: Wed, 01 May 2002 15:49:01 GMT

On 1 May 2002 14:05:29 GMT, Marshall Lake <mlake@melake.erols.com> wrote:
>
> Apr 23 19:01:03 postfix/smtpd[20820]: connect from unknown[200.11.224.229]
> Apr 23 19:01:05 postfix/smtpd[20820]: 69A081B808: client=unknown[200.11.224.229]
> Apr 23 19:01:07 postfix/smtpd[20820]: disconnect from unknown[200.11.224.229]
>
> Can someone tell me or point me in the right direction to finding out
> how to stop this from happening?

Depending on what loglevel you are doing, I would think postfix would
have more to say if mail were actually being sent. Maybe this is a
probe of some kind (my guess)? If it's always the same IP, block with
iptables. That being said, nobody likes a spammer.

So, www.postfix.org, /usr/share/doc*/postfix*, or maybe the
lovely and talented 'grep':

[root@feenix privoxy]# grep relay /etc/postfix/main.cf
# those names via the relay_domains or permit_mx_backup settings for
# luser_relay parameters.
# This parameter has precedence over the luser_relay parameter.
# The luser_relay parameter specifies an optional destination address
# The following expansions are done on luser_relay: $user (recipient
# luser_relay = $user@other.host
# luser_relay = $local@other.host
# luser_relay = admin+$local
# The relay_domains parameter restricts what clients this mail system
# will relay mail from, or what destinations this system will relay
# By default, Postfix relays mail
# - from trusted clients matching $relay_domains or subdomains thereof,
# - from untrusted clients to destinations that match $relay_domains
# The default relay_domains value is $mydestination.
# These destinations do not need to be listed in $relay_domains.
relay_domains = $mydestination, /etc/postfix/relay-domains
 
Or, telnet to mail-abuse.org and you will get a thorough going over to
check for relaying vulnerabilities.

-- 
Hal Burgiss
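
Added example, not part of the original post: one way to check from the mail log whether a connection like the one quoted was followed by a delivery to a non-local domain. The first three sample lines are the excerpt from the thread; the other log lines, the `relay_report` helper and the `local_domains` set (standing in for `$mydestination`) are constructed for illustration.

```python
import re

# Constructed sample. Lines 1-3 are the excerpt quoted in the thread; the rest
# are made-up lines in the usual Postfix syslog layout (documentation IPs).
SAMPLE_LOG = """\
Apr 23 19:01:03 postfix/smtpd[20820]: connect from unknown[200.11.224.229]
Apr 23 19:01:05 postfix/smtpd[20820]: 69A081B808: client=unknown[200.11.224.229]
Apr 23 19:01:07 postfix/smtpd[20820]: disconnect from unknown[200.11.224.229]
Apr 23 19:02:11 postfix/smtpd[20821]: 7B2C41B809: client=unknown[192.0.2.55]
Apr 23 19:02:12 postfix/qmgr[310]: 7B2C41B809: from=<a@sender.example>, size=2048, nrcpt=1 (queue active)
Apr 23 19:02:14 postfix/smtp[20830]: 7B2C41B809: to=<rcpt@remote.example>, relay=mx.remote.example[198.51.100.7], delay=3, status=sent (250 OK)
Apr 23 19:03:00 postfix/smtpd[20822]: reject: RCPT from unknown[192.0.2.56]: 554 <x@remote.example>: Recipient address rejected: Relay access denied; from=<b@sender.example> to=<x@remote.example>
"""

# smtpd accepted a message and assigned it a queue ID
QUEUED = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=[^\[]+\[([\d.]+)\]")
# the smtp delivery agent reports the outcome for that queue ID
DELIVERY = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<([^>]*)>,.*status=(\w+)")
# smtpd refused a relay attempt at RCPT time
REJECT = re.compile(r"postfix/smtpd\[\d+\]: reject: RCPT from [^\[]+\[([\d.]+)\]: .*Relay access denied")

def relay_report(log_text, local_domains, trusted_ips=frozenset()):
    """Map each untrusted client IP to 'relayed', 'relay-denied' or 'no-delivery-logged'."""
    client_of = {}   # queue ID -> client IP that submitted it
    verdict = {}     # client IP -> worst outcome seen
    for line in log_text.splitlines():
        if m := QUEUED.search(line):
            qid, ip = m.groups()
            if ip not in trusted_ips:       # skip your own hosts (assumed list)
                client_of[qid] = ip
                verdict.setdefault(ip, "no-delivery-logged")
        elif m := DELIVERY.search(line):
            qid, rcpt, status = m.groups()
            domain = rcpt.rpartition("@")[2].lower()
            ip = client_of.get(qid)
            # sent onward to a domain we are not the destination for
            if ip and status == "sent" and domain not in local_domains:
                verdict[ip] = "relayed"
        elif m := REJECT.search(line):
            verdict.setdefault(m.group(1), "relay-denied")
    return verdict

if __name__ == "__main__":
    for ip, outcome in relay_report(SAMPLE_LOG, {"mail.example"}).items():
        print(ip, outcome)
```

A queue ID with no matching delivery line, as in the quoted excerpt, only shows that nothing more was logged in the lines examined; search the full log for that queue ID before drawing a conclusion.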
 


