
permit_naked_ip_address dangerous! (was: spammers are killing me)



also sprach Ralf Hildebrandt <Ralf.Hildebrandt@XXXXXXX.XX> [2002.03.21.0743 +0100]:
> postfix/smtpd[6023]: connect from host074125.arnet.net.ar [200.45.74.125]
> postfix/smtpd[6023]: 6937F1673D: client host074125.arnet.net.ar[200.45.74.125]
> postfix/cleanup[6024]: 6937F1673D: message-id=<0000569d4d9a$000021ce$00002d35@64.197.156.227>
> postfix/qmgr[31979]: 6937F1673D: from=<opt-in@randbad.com>, size=5880, nrcpt=25 (queue active)
> postfix/smtp[6038]: 6937F1673D: to=<kkelsplace@cs.com>, relay=mailin-02.mx.aol.com[64.12.136.121], delay=7, status=sent (250 OK)
> 
> For some strange reason you must be relaying for either "cs.com"
> (check relay_domains!) or for 200.45.74.125 or for "ar", "net.ar",
> "arnet.net.ar"

the log entries do not include TLS negotiation, so it's cleartext and
thus subject to mynetworks or relay_domains relaying,
relay_clientcerts is not an issue.

let's inspect:

root@seamus:~# postconf mynetworks
mynetworks = 127.0.0.0/8

root@seamus:~# postconf mydomain
mydomain = madduck.net

root@seamus:~# postconf myhostname
myhostname = seamus.madduck.net

root@seamus:~# postconf mydestination
mydestination = localhost.$mydomain, $myhostname,
hash:$db_dir/mydestination.hash

root@seamus:~# grep "^db_dir" /etc/postfix/main.cf
db_dir = /etc/postfix/db

root@seamus:~# cat /etc/postfix/db/mydestination.hash
madduck.net OK
mail.madduck.net OK
lists.madduck.net OK
dyn.madduck.net OK
mail.dyn.madduck.net OK

root@seamus:~# postconf relay_domains
relay_domains = hash:$db_dir/relays.hash

diamond.madduck.net OK
mail2.madduck.net OK

> What's in hash:$db_dir/access.hash ?

nothing:

root@seamus:~# ls -l /etc/postfix/db/access.hash
-rw-r--r--    1 root     root            0 Sep 16  2001 access.hash

so no, it's a closed relay.

> Maybe permit_naked_ip_address ?

that seems to be the only possibility, and:

220 seamus.madduck.net ESMTP "welcome to the machine..."
ehlo 130.58.218.7
250-seamus.madduck.net
250-PIPELINING
250-SIZE 5120000
250-ETRN
250-STARTTLS
250-XVERP
250 8BITMIME
mail from: <a@b.com>
250 Ok
rcpt to: <someone@somewhere.net>
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
oh no!
.
250 Ok: queued as D4A5B1673D
quit
221 Bye

(i didn't actually send that email), but yes, permit_naked_ip_address in the
right place, and you can forget your UCE filters! wow, that's quite
a slap in the face. i am glad i was able to fix that before being the
biggest open relay out there...

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
"when i tell a robot to get me a beer,
 i don't want it horsing around.
 i want it to get a beer."
                                              -- joseph k. engelberger
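An added check, not from this thread and not part of Postfix, that audits the ordering problem described above: Postfix stops evaluating a restriction list at the first matching permit or reject, so any untrusted permit_* (such as permit_naked_ip_address) listed ahead of reject_unauth_destination in smtpd_recipient_restrictions lets that client relay to any destination. The two main.cf samples are constructed, modelled on the thread, not the poster's real configuration; the trusted-permit set is an assumption about which permits are acceptable before the relay guard.

```python
import re

# Constructed sample modelled on the misconfiguration discussed in this thread
# (not the poster's real main.cf): an untrusted permit before the relay guard.
UNSAFE_MAIN_CF = """\
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks,
    permit_naked_ip_address,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/db/access.hash
"""

# Same policy with permit_naked_ip_address moved to the HELO list, where a
# permit ends only that list and the recipient list is still evaluated.
SAFE_MAIN_CF = """\
mynetworks = 127.0.0.0/8
smtpd_helo_restrictions = permit_naked_ip_address, reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/db/access.hash
"""

# Assumed-acceptable permits ahead of the relay guard: each only matches
# clients already trusted to relay (local networks, SASL or TLS-cert auth).
TRUSTED_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated",
                   "permit_tls_clientcerts", "permit_tls_all_clientcerts"}
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}


def parse_main_cf(text):
    """Parse main.cf-style text; continuation lines start with whitespace."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current is not None:
            params[current] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            current = name.strip()
            params[current] = value.strip()
    return params


def relay_holes(text, param="smtpd_recipient_restrictions"):
    """Return untrusted permit_* entries that precede the relay guard."""
    tokens = re.split(r"[,\s]+", parse_main_cf(text).get(param, "").strip())
    holes = []
    for tok in tokens:
        if tok in RELAY_GUARDS:
            return holes            # everything after the guard is safe
        if tok.startswith("permit") and tok not in TRUSTED_PERMITS:
            holes.append(tok)
    return holes + ["missing reject_unauth_destination"]
```

Run it over the output of `postconf -n` on your own server; a non-empty result means a client can relay through you before reject_unauth_destination is ever consulted.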
