
permit_naked_ip_address dangerous! (was: spammers are killing me)

also sprach Ralf Hildebrandt <Ralf.Hildebrandt@XXXXXXX.XX> [2002.03.21.0743 +0100]:
> postfix/smtpd[6023]: connect from host074125.arnet.net.ar []
> postfix/smtpd[6023]: 6937F1673D: client host074125.arnet.net.ar[]
> postfix/cleanup[6024]: 6937F1673D: message-id=<0000569d4d9a$000021ce$00002d35@>
> postfix/qmgr[31979]: 6937F1673D: from=<opt-in@randbad.com>, size=5880, nrcpt=25 (queue active)
> postfix/smtp[6038]: 6937F1673D: to=<kkelsplace@cs.com>, relay=mailin-02.mx.aol.com[], delay=7, status=sent (250 OK)
> For some strange reason you must be relaying for either "cs.com"
> (check relay_domains!) or for "ar", "net.ar",
> "arnet.net.ar"

the log entries do not include TLS negotiation, so it's cleartext and
thus subject to mynetworks or relay_domains relaying;
relay_clientcerts is not an issue.

let's inspect:

root@seamus:~# postconf mynetworks
mynetworks =

root@seamus:~# postconf mydomain
mydomain = madduck.net

root@seamus:~# postconf myhostname
myhostname = seamus.madduck.net

root@seamus:~# postconf mydestination
mydestination = localhost.$mydomain, $myhostname,

root@seamus:~# grep "^db_dir" /etc/postfix/main.cf
db_dir = /etc/postfix/db

root@seamus:~# cat /etc/postfix/db/mydestination.hash
madduck.net OK
mail.madduck.net OK
lists.madduck.net OK
dyn.madduck.net OK
mail.dyn.madduck.net OK

root@seamus:~# postconf relay_domains
relay_domains = hash:$db_dir/relays.hash

diamond.madduck.net OK
mail2.madduck.net OK

> What's in hash:$db_dir/access.hash ?


root@seamus:~# ls -l /etc/postfix/db/access.hash
-rw-r--r--    1 root     root            0 Sep 16  2001 access.hash

so no, it's a closed relay.

> Maybe permit_naked_ip_address ?

that seems to be the only possibility, and:

220 seamus.madduck.net ESMTP "welcome to the machine..."
250-SIZE 5120000
mail from: <a@b.com>
250 Ok
rcpt to: <someone@somewhere.net>
250 Ok
354 End data with <CR><LF>.<CR><LF>
oh no!
250 Ok: queued as D4A5B1673D
221 Bye

(i didn't actually send that email), but yes: permit_naked_ip_address in the
right place, and you can forget your UCE filters! wow, that's quite
a slap in the face. i am glad i was able to fix that before being the
biggest open relay out there...

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
"when i tell a robot to get me a beer,
 i don't want it horsing around.
 i want it to get a beer."
                                              -- joseph k. engelberger
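An added check, not part of Martin's or Ralf's post: a small Python audit of the smtpd_recipient_restrictions ordering behind this open relay. Postfix stops at the first restriction that permits or rejects, so any permit_* entry (or an access table that can return OK) placed before reject_unauth_destination grants relaying to whatever matches it; the WEAK and FIXED values and the table path below are constructed, not the poster's real main.cf.

```python
"""Audit a Postfix smtpd_recipient_restrictions value for permit-before-reject ordering.

Postfix walks the restriction list left to right and stops at the first
restriction that returns PERMIT or REJECT.  A permit_* entry that appears before
reject_unauth_destination therefore lets any client matching it relay to any
destination, which is what permit_naked_ip_address did in the post above.
"""
import re

# Permits that are normally intended to precede reject_unauth_destination.
TRUSTED_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated",
                   "permit_tls_clientcerts", "permit_auth_destination"}
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}


def parse_restrictions(value: str) -> list[str]:
    """Split a main.cf value into tokens (commas and whitespace both separate)."""
    return [tok for tok in re.split(r"[\s,]+", value.strip()) if tok]


def audit_recipient_restrictions(value: str) -> list[str]:
    """Return a list of findings; an empty list means the ordering is safe."""
    findings = []
    tokens = parse_restrictions(value)
    guard_at = next((i for i, t in enumerate(tokens) if t in RELAY_GUARDS), None)
    if guard_at is None:
        return ["no reject_unauth_destination / defer_unauth_destination at all: open relay"]
    for tok in tokens[:guard_at]:
        if tok == "permit" or (tok.startswith("permit_") and tok not in TRUSTED_PERMITS):
            findings.append(f"{tok} precedes reject_unauth_destination: "
                            f"matching clients may relay anywhere")
        elif tok.startswith("check_") and "access" in tok:
            findings.append(f"{tok} precedes reject_unauth_destination: "
                            f"an OK entry in that table grants relaying")
    return findings


# Constructed main.cf values (assumptions, not the poster's actual configuration).
WEAK = ("permit_mynetworks, permit_naked_ip_address, "
        "check_client_access hash:/etc/postfix/db/access.hash, reject_unauth_destination")
FIXED = ("permit_mynetworks, reject_unauth_destination, "
         "check_client_access hash:/etc/postfix/db/access.hash")

if __name__ == "__main__":
    for name, value in (("weak", WEAK), ("fixed", FIXED)):
        print(f"{name}: {audit_recipient_restrictions(value) or ['ok']}")
```

Feed it the output of `postconf smtpd_recipient_restrictions` (value part only) to check a live host.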
