Re: spammers are killing me
On Wednesday 20 March 2002 11:30, Vineet Kumar wrote:
> * martin f krafft (madduck@madduck.net) [020319 19:48]:
> > it's either too late in the night or here's something going on.
> > IP=3D195.226.187.154, postfix 1.1.3-1 on debian woody, port 25,
> > mailhost for 27 domains, otherwise closed relay.
> >
> > now i find this in the logs:
> >
> > postfix/smtpd[6023]: connect from host074125.arnet.net.ar [200.45.74.125]
> > postfix/smtpd[6023]: 6937F1673D:
> > client=host074125.arnet.net.ar[200.45.74.125] postfix/cleanup[6024]:
> > 6937F1673D: message-id=<0000569d4d9a$000021ce$00002d35@64.197.156.227>
> > postfix/qmgr[31979]: 6937F1673D: from=<opt-in@randbad.com>, size=5880,
> > nrcpt=25 (queue active) postfix/smtp[6038]: 6937F1673D:
> > to=<kkelsplace@cs.com>, relay=mailin-02.mx.aol.com[64.12.136.121],
> > delay=7, status=sent (250 OK)
> >
> > try it, it's a closed relay. there *exists* tls client authentication
> > but that would be logged. how the heck can this happen???
>
> FWIW, I did try a very basic relay test and received 554 Relay access
> denied, though I don't know if that makes you feel more or less sane =)
>
> It might be worthwhile to get a more thorough probe from orbz.
orbz has shut itself down, see /. article:
http://slashdot.org/yro/02/03/20/1528246.shtml?tid=111
> Do all incoming messages (i.e. legitimately relayed for your customers)
> look pretty much like that? I mean they show
> relay=some.other.mailserver? I'm thinking maybe it was specified via a
> percent-hack or something. Orbz should find that if it is the case. I
> haven't used postfix, so I can't say where to look.
>
> good times,
> Vineet
Reply to: