
[Fwd: Odd postfix behavior]



Sorry for the cross post, but I initially posted this on debian-user and
received nary a response.  I am hoping that this might be more up the
alley of the debian-isp folks.  BTW, plz CC me, as I am not subscribed
to debian-isp.

-Roberto Sanchez

-------- Original Message --------
Subject: Odd postfix behavior
Resent-Date: Thu, 22 Apr 2004 23:00:44 -0500 (CDT)
Resent-From: debian-user@lists.debian.org
Date: Fri, 23 Apr 2004 00:00:47 -0400
From: Roberto Sanchez <rcsanchez97@yahoo.es>
To: Debian User <debian-user@lists.debian.org>

I have postfix running on Woody.  The problem I just came across is
that someone trying to use me as an open relay to spam an aol address
can use me as a relay.

I have postfix setup to only accept mail from my private subnet and
clients that authenticate with SMTP AUTH.  However, since I am on a
Bellsouth dynamic IP, I have added a line to /etc/postfix/transport:

aol.com                 smtp:[mail.bellsouth.net]

This is so that my wife can email her dad (who absolutely refuses
to give up aol).  Apparently, postfix looks at the transport table
before looking at smtpd_recipient_restrictions.  These are the
restrictions I have set:

smtpd_recipient_restrictions = reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unknown_recipient_domain, permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination, check_relay_domains

Thankfully, Bellsouth rejected my relay attempt:

Apr 22 20:39:48 santiago postfix/smtp[15834]: 75EC2A0000AD:
to=<Liznjorge714@aol.com>, relay=mail.bellsouth.net[205.152.59.17],
delay=3, status=bounced (host mail.bellsouth.net[205.152.59.17] said:
550 .net 022: Your current IP address is not allowed to relay to aol.com
Solution: Connect using BellSouth Internet Service.)

However, I would like to prevent this from happening again.  Can anyone
enlighten me?

Also, I have started encountering strange log messages from one of
my machines.  I have two identically configured Sid boxes (running
exim) that relay logcheck updates to my mail server.  One box connects
just fine:

Apr 22 22:01:32 santiago postfix/smtpd[16306]: connect from
miami.familiasanchez.net[192.168.0.3]
Apr 22 22:01:32 santiago postfix/smtpd[16306]: setting up TLS connection
from miami.familiasanchez.net[192.168.0.3]
Apr 22 22:01:32 santiago postfix/smtpd[16306]: TLS connection
established from miami.familiasanchez.net[192.168.0.3]: TLSv1 with
cipher RC4-SHA (128/128 bits)
Apr 22 22:01:32 santiago postfix/smtpd[16306]: D930BA0000AB:
client=miami.familiasanchez.net[192.168.0.3]
Apr 22 22:01:33 santiago postfix/cleanup[16307]: D930BA0000AB:
message-id=<E1BGq0w-0008Vi-7f@miami.familiasanchez.net>
Apr 22 22:01:33 santiago postfix/qmgr[364]: D930BA0000AB:
from=<root@miami.familiasanchez.net>, size=1059, nrcpt=1 (queue active)
Apr 22 22:01:33 santiago postfix/smtpd[16306]: disconnect from
miami.familiasanchez.net[192.168.0.3]

The other box can also connect, but it generates some errors:

Apr 22 19:02:03 santiago postfix/smtpd[14987]: connect from
mayaguez.familiasanchez.net[192.168.0.2]
Apr 22 19:02:03 santiago postfix/smtpd[14987]: setting up TLS connection
from mayaguez.familiasanchez.net[192.168.0.2]
Apr 22 19:02:04 santiago postfix/smtpd[14987]: TLS connection
established from mayaguez.familiasanchez.net[192.168.0.2]: TLSv1 with
cipher RC4-SHA (128/128 bits)
Apr 22 19:02:04 santiago postfix/smtpd[14987]: warning:
mayaguez.familiasanchez.net[192.168.0.2]: SASL CRAM-MD5 authentication
failed
Apr 22 19:02:09 santiago postfix/smtpd[14987]: 1C7B9A0000AB:
client=mayaguez.familiasanchez.net[192.168.0.2], sasl_method=PLAIN,
sasl_username=roberto, sasl_sender=root@mayaguez.familiasanchez.net
Apr 22 19:02:09 santiago postfix/cleanup[14988]: 1C7B9A0000AB:
message-id=<E1BGnCl-0000sv-NV@mayaguez.familiasanchez.net>
Apr 22 19:02:09 santiago postfix/qmgr[364]: 1C7B9A0000AB:
from=<root@mayaguez.familiasanchez.net>, size=1464, nrcpt=1 (queue active)
Apr 22 19:02:09 santiago postfix/pipe[14991]: 1C7B9A0000AB:
to=<roberto@familiasanchez.net>, relay=cyrus, delay=0, status=sent
(santiago.familiasanchez.net)
Apr 22 19:02:09 santiago postfix/smtpd[14987]: disconnect from
mayaguez.familiasanchez.net[192.168.0.2]

The difference is in the "authentication failed" message.  I receive
all mails from both boxes, so I guess that they are harmless.
Nonetheless, I would like to know why only one box generates the error.

-Roberto Sanchez
