Re: spammers are killing me
On Wednesday 20 March 2002 11:30, Vineet Kumar wrote:
> * martin f krafft (email@example.com) [020319 19:48]:
> > it's either too late in the night or here's something going on.
> > IP=18.104.22.168, postfix 1.1.3-1 on debian woody, port 25,
> > mailhost for 27 domains, otherwise closed relay.
> > now i find this in the logs:
> > postfix/smtpd: connect from host074125.arnet.net.ar [22.214.171.124]
> > postfix/smtpd: 6937F1673D: client=host074125.arnet.net.ar[126.96.36.199]
> > postfix/cleanup: 6937F1673D: message-id=<firstname.lastname@example.org>
> > postfix/qmgr: 6937F1673D: from=<email@example.com>, size=5880, nrcpt=25 (queue active)
> > postfix/smtp: 6937F1673D: to=<firstname.lastname@example.org>, relay=mailin-02.mx.aol.com[188.8.131.52], delay=7, status=sent (250 OK)
> > try it, it's a closed relay. there *exists* tls client authentication
> > but that would be logged. how the heck can this happen???
> FWIW, I did try a very basic relay test and received 554 Relay access
> denied, though I don't know if that makes you feel more or less sane =)
> It might be worthwhile to get a more thorough probe from orbz.
orbz has shut itself down, see /. article:
> Do all incoming messages (i.e. legitimately relayed for your customers)
> look pretty much like that? I mean they show
> relay=some.other.mailserver? I'm thinking maybe it was specified via a
> percent-hack or something. Orbz should find that if it is the case. I
> haven't used postfix, so I can't say where to look.
> good times,
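
Added example, not part of the thread: one way to answer the question of which deliveries were relayed is to join the Postfix log lines on their queue ID and flag mail that an untrusted client got delivered to a domain the server does not host. The function name, the sample log, the domain `hosted.example` and the trusted networks are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample shaped like the log lines quoted in the thread; hosts,
# queue IDs and addresses are made up (documentation IP ranges).
SAMPLE_LOG = """\
postfix/smtpd[411]: 6937F1673D: client=dialup.example.net[198.51.100.7]
postfix/qmgr[102]: 6937F1673D: from=<a@spam.example>, size=5880, nrcpt=25 (queue active)
postfix/smtp[420]: 6937F1673D: to=<victim@elsewhere.example>, relay=mx.elsewhere.example[203.0.113.5], delay=7, status=sent (250 OK)
postfix/smtpd[412]: 7A21C0044B: client=mx.partner.example[198.51.100.9]
postfix/qmgr[102]: 7A21C0044B: from=<bob@partner.example>, size=900, nrcpt=1 (queue active)
postfix/local[430]: 7A21C0044B: to=<alice@hosted.example>, relay=local, delay=1, status=sent (mailbox)
"""

# daemon name, optional [pid], queue ID, then the rest of the record
LINE = re.compile(r"postfix/(\w+)(?:\[\d+\])?: ([0-9A-F]{6,}): (.*)")
CLIENT = re.compile(r"client=\S+\[([\d.]+)\]")
RCPT = re.compile(r"to=<[^>]*@([^>]+)>.*status=sent")


def find_relayed(log, local_domains, trusted_nets):
    """Return {queue_id: (client_ip, [foreign recipient domains])} for mail
    accepted from a client outside trusted_nets and delivered elsewhere."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    client, foreign = {}, defaultdict(list)
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        c, r = CLIENT.search(rest), RCPT.search(rest)
        if daemon == "smtpd" and c:
            # smtpd records which client submitted this queue ID
            client[qid] = ipaddress.ip_address(c.group(1))
        elif r and r.group(1).lower() not in local_domains:
            # a delivery agent sent it to a domain we do not host
            foreign[qid].append(r.group(1).lower())
    return {
        qid: (str(client[qid]), doms)
        for qid, doms in foreign.items()
        if qid in client and not any(client[qid] in n for n in nets)
    }


if __name__ == "__main__":
    hits = find_relayed(SAMPLE_LOG, {"hosted.example"}, ["127.0.0.0/8"])
    for qid, (ip, doms) in hits.items():
        print(f"{qid}: client {ip} relayed to {doms}")
```

Any queue ID this reports is worth comparing against the server's relay restrictions, since it shows mail passing through from an outside client to an outside domain.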