
Odd postfix behavior



I have postfix running on Woody.  The problem I just came across is
that someone trying to use me as an open relay to spam an aol address
can use me as a relay.

I have postfix set up to only accept mail from my private subnet and
clients that authenticate with SMTP AUTH.  However, since I am on a
Bellsouth dynamic IP, I have added a line to /etc/postfix/transport:

aol.com                 smtp:[mail.bellsouth.net]

This is so that my wife can email her dad (who absolutely refuses
to give up aol).  Apparently, postfix looks at the transport table
before looking at smtpd_recipient_restrictions.  These are the
restrictions I have set:

smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_relay_domains

Thankfully, Bellsouth rejected my relay attempt:

Apr 22 20:39:48 santiago postfix/smtp[15834]: 75EC2A0000AD: to=<Liznjorge714@aol.com>, relay=mail.bellsouth.net[205.152.59.17], delay=3, status=bounced (host mail.bellsouth.net[205.152.59.17] said: 550 .net 022: Your current IP address is not allowed to relay to aol.com Solution: Connect using BellSouth Internet Service.)

However, I would like to prevent this from happening again.  Can anyone
enlighten me?

Also, I have started encountering strange log messages from one of
my machines.  I have two identically configured Sid boxes (running
exim) that relay logcheck updates to my mail server.  One box connects
just fine:

Apr 22 22:01:32 santiago postfix/smtpd[16306]: connect from miami.familiasanchez.net[192.168.0.3]
Apr 22 22:01:32 santiago postfix/smtpd[16306]: setting up TLS connection from miami.familiasanchez.net[192.168.0.3]
Apr 22 22:01:32 santiago postfix/smtpd[16306]: TLS connection established from miami.familiasanchez.net[192.168.0.3]: TLSv1 with cipher RC4-SHA (128/128 bits)
Apr 22 22:01:32 santiago postfix/smtpd[16306]: D930BA0000AB: client=miami.familiasanchez.net[192.168.0.3]
Apr 22 22:01:33 santiago postfix/cleanup[16307]: D930BA0000AB: message-id=<E1BGq0w-0008Vi-7f@miami.familiasanchez.net>
Apr 22 22:01:33 santiago postfix/qmgr[364]: D930BA0000AB: from=<root@miami.familiasanchez.net>, size=1059, nrcpt=1 (queue active)
Apr 22 22:01:33 santiago postfix/smtpd[16306]: disconnect from miami.familiasanchez.net[192.168.0.3]

The other box can also connect, but it generates some errors:

Apr 22 19:02:03 santiago postfix/smtpd[14987]: connect from mayaguez.familiasanchez.net[192.168.0.2]
Apr 22 19:02:03 santiago postfix/smtpd[14987]: setting up TLS connection from mayaguez.familiasanchez.net[192.168.0.2]
Apr 22 19:02:04 santiago postfix/smtpd[14987]: TLS connection established from mayaguez.familiasanchez.net[192.168.0.2]: TLSv1 with cipher RC4-SHA (128/128 bits)
Apr 22 19:02:04 santiago postfix/smtpd[14987]: warning: mayaguez.familiasanchez.net[192.168.0.2]: SASL CRAM-MD5 authentication failed
Apr 22 19:02:09 santiago postfix/smtpd[14987]: 1C7B9A0000AB: client=mayaguez.familiasanchez.net[192.168.0.2], sasl_method=PLAIN, sasl_username=roberto, sasl_sender=root@mayaguez.familiasanchez.net
Apr 22 19:02:09 santiago postfix/cleanup[14988]: 1C7B9A0000AB: message-id=<E1BGnCl-0000sv-NV@mayaguez.familiasanchez.net>
Apr 22 19:02:09 santiago postfix/qmgr[364]: 1C7B9A0000AB: from=<root@mayaguez.familiasanchez.net>, size=1464, nrcpt=1 (queue active)
Apr 22 19:02:09 santiago postfix/pipe[14991]: 1C7B9A0000AB: to=<roberto@familiasanchez.net>, relay=cyrus, delay=0, status=sent (santiago.familiasanchez.net)
Apr 22 19:02:09 santiago postfix/smtpd[14987]: disconnect from mayaguez.familiasanchez.net[192.168.0.2]

The difference is in the "authentication failed" message.  I receive
all mails from both boxes, so I guess that they are harmless.
Nonetheless, I would like to know why only one box generates the error.

-Roberto Sanchez
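
An added example, not part of the original post: a small log check that correlates Postfix lines like the ones quoted above to flag (a) sessions where one SASL mechanism failed before the message was accepted, and (b) messages accepted without SASL from outside the trusted network and then handed to the outbound smtp client. The sample log, the host names, and the `trusted` prefix parameter are constructed assumptions.

```python
import re
from collections import defaultdict

LINE = re.compile(r"postfix/(\w+)\[(\d+)\]: (.*)$")
FAIL = re.compile(r"warning: (\S+?)\[([\d.]+)\]: SASL (\S+) authentication failed")
CLIENT = re.compile(r"^([0-9A-F]+): client=(\S+?)\[([\d.]+)\](?:, sasl_method=([\w-]+))?")
DELIV = re.compile(r"^([0-9A-F]+): to=<([^>]*)>,.*?status=(\w+)")

# Constructed sample in the syslog format shown in the post (not the poster's real log).
SAMPLE = """\
Apr 22 19:02:03 mx postfix/smtpd[14987]: connect from boxa.example.net[192.168.0.2]
Apr 22 19:02:04 mx postfix/smtpd[14987]: warning: boxa.example.net[192.168.0.2]: SASL CRAM-MD5 authentication failed
Apr 22 19:02:09 mx postfix/smtpd[14987]: 1C7B9A0000AB: client=boxa.example.net[192.168.0.2], sasl_method=PLAIN, sasl_username=alice
Apr 22 19:02:09 mx postfix/smtpd[14987]: disconnect from boxa.example.net[192.168.0.2]
Apr 22 20:39:45 mx postfix/smtpd[15830]: connect from unknown[203.0.113.9]
Apr 22 20:39:45 mx postfix/smtpd[15830]: 75EC2A0000AD: client=unknown[203.0.113.9]
Apr 22 20:39:48 mx postfix/smtp[15834]: 75EC2A0000AD: to=<user@aol.com>, relay=mail.example.net[198.51.100.7], delay=3, status=bounced (550 relay denied)
"""

def analyze(log_text, trusted=("192.168.0.",)):
    """trusted: IP string prefixes standing in for mynetworks (an assumption)."""
    failed = defaultdict(list)  # smtpd pid -> SASL mechanisms that failed in that session
    accepted = {}               # queue id -> (client ip, sasl method or None)
    fallback, relayed = [], []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        service, pid, msg = m.groups()
        if service == "smtpd":
            if (f := FAIL.match(msg)):
                failed[pid].append(f.group(3))
            elif (c := CLIENT.match(msg)):
                qid, _host, ip, mech = c.groups()
                accepted[qid] = (ip, mech)
                # mech is None if the mail was accepted without any SASL login
                fallback += [(ip, bad, mech) for bad in failed.pop(pid, [])]
            elif msg.startswith("disconnect"):
                failed.pop(pid, None)
        elif service == "smtp" and (d := DELIV.match(msg)):
            qid, rcpt, status = d.groups()
            ip, mech = accepted.get(qid, (None, None))
            # Outbound delivery of mail that arrived unauthenticated from an untrusted IP
            if ip and mech is None and not ip.startswith(trusted):
                relayed.append((qid, ip, rcpt, status))
    return {"sasl_fallback": fallback, "unauth_relay": relayed}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Local deliveries logged by postfix/pipe are deliberately ignored; only hand-offs by the outbound postfix/smtp client count as relaying here.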
