also sprach Ralf Hildebrandt <Ralf.Hildebrandt@XXXXXXX.XX> [2002.03.21.0743 +0100]:
> postfix/smtpd[6023]: connect from host074125.arnet.net.ar [200.45.74.125]
> postfix/smtpd[6023]: 6937F1673D: client host074125.arnet.net.ar[200.45.74.125]
> postfix/cleanup[6024]: 6937F1673D: message-id=<0000569d4d9a$000021ce$00002d35@64.197.156.227>
> postfix/qmgr[31979]: 6937F1673D: from=<opt-in@randbad.com>,size=5880, nrcpt=25 (queue active)
> postfix/smtp[6038]: 6937F1673D: to=<kkelsplace@cs.com>, relay=mailin-02.mx.aol.com[64.12.136.121], delay=7, status=sent (250 OK)
>
> For some strange reason you must be relaying for either "cs.com"
> (check relay_domains!) or for 200.45.74.125 or for "ar", "net.ar",
> "arnet.net.ar"

the log entries do not include TLS negotiation, so it's cleartext and
thus subject to mynetworks or relay_domains relaying,
relay_clientcerts is not an issue. let's inspect:

  root@seamus:~# postconf mynetworks
  mynetworks = 127.0.0.0/8
  root@seamus:~# postconf mydomain
  mydomain = madduck.net
  root@seamus:~# postconf myhostname
  myhostname = seamus.madduck.net
  root@seamus:~# postconf mydestination
  mydestination = localhost.$mydomain, $myhostname, hash:$db_dir/mydestination.hash
  root@seamus:~# grep "^db_dir" /etc/postfix/main.cf
  db_dir = /etc/postfix/db
  root@seamus:~# cat /etc/postfix/db/mydestination.hash
  madduck.net             OK
  mail.madduck.net        OK
  lists.madduck.net       OK
  dyn.madduck.net         OK
  mail.dyn.madduck.net    OK
  root@seamus:~# postconf relay_domains
  relay_domains = hash:$db_dir/relays.hash
  diamond.madduck.net     OK
  mail2.madduck.net       OK

> What's in hash:$db_dir/access.hash ?

nothing:

  root@seamus:~# ls -l /etc/postfix/db/access.hash
  -rw-r--r-- 1 root root 0 Sep 16 2001 access.hash

so no, it's a closed relay.

> Maybe permit_naked_ip_address ?

that seems to be the only possibility, and:

  220 seamus.madduck.net ESMTP "welcome to the machine..."
  ehlo 130.58.218.7
  250-seamus.madduck.net
  250-PIPELINING
  250-SIZE 5120000
  250-ETRN
  250-STARTTLS
  250-XVERP
  250 8BITMIME
  mail from: <a@b.com>
  250 Ok
  rcpt to: <someone@somewhere.net>
  250 Ok
  data
  354 End data with <CR><LF>.<CR><LF>
  oh no!
  .
  250 Ok: queued as D4A5B1673D
  quit
  221 Bye

(i didn't actually send that email), but yes,
permit_naked_ip_address in the right place, and you can forget your
UCE filters! wow, that's quite a slap in the face. i am glad i was
able to fix that before being the biggest open relay out there...

--
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

"when i tell a robot to get me a beer,
 i don't want it horsing around.
 i want it to get a beer."
                                        -- joseph k. engelberger
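An added example, not part of the original message and not Postfix code: a check for the ordering problem described above, where permit_naked_ip_address is evaluated before the relay check. It assumes the restriction sat in smtpd_recipient_restrictions (the message does not show that list); the function name, the set names and both sample values are constructed for illustration.

```python
import re

# Permits decided purely by what the client says about itself.
# permit_naked_ip_address returns OK when the EHLO/HELO argument is a bare IP.
CLIENT_CONTROLLED_PERMITS = {"permit_naked_ip_address"}

# Restrictions that refuse mail for destinations this host does not serve
# (assumption: these four cover the configuration being audited).
RELAY_GATES = {"reject_unauth_destination", "check_relay_domains", "reject", "defer"}


def relay_bypasses(restrictions):
    """Return (position, name) for each client-controlled permit that is
    evaluated before the first relay gate in a recipient restriction list.

    `restrictions` is the value as printed by
    `postconf -h smtpd_recipient_restrictions`: entries separated by commas
    and/or whitespace. Lookup-table arguments show up as extra tokens and are
    ignored because they match neither set.
    """
    hits = []
    tokens = [t for t in re.split(r"[,\s]+", restrictions.strip()) if t]
    for position, name in enumerate(tokens):
        if name in RELAY_GATES:
            # Foreign-destination mail is refused here, so permits listed
            # after this point cannot open the relay.
            break
        if name in CLIENT_CONTROLLED_PERMITS:
            hits.append((position, name))
    return hits


# Constructed sample values, not taken from the original message.
BEFORE_GATE = ("permit_mynetworks, permit_naked_ip_address, "
               "check_client_access hash:/etc/postfix/db/access.hash, "
               "reject_unauth_destination")
AFTER_GATE = "permit_mynetworks, reject_unauth_destination, permit_naked_ip_address"

if __name__ == "__main__":
    for label, value in (("before gate", BEFORE_GATE), ("after gate", AFTER_GATE)):
        print(label, "->", relay_bypasses(value) or "no relay bypass")
```

With the permit placed after the relay gate the host no longer relays, but a client sending a bare IP in EHLO still skips every restriction listed after it for local recipients.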