
Re: Odd postfix behavior



On Fri, Apr 23, 2004 at 12:00:47AM -0400, Roberto Sanchez wrote:
| I have postfix running on Woody.  The problem I just came across is
| that someone trying to use me as an open relay to spam an aol address
| can use me as a relay.
| 
| I have postfix set up to only accept mail from my private subnet and
| clients that authenticate with SMTP AUTH.  However, since I am on a
| Bellsouth dynamic IP, I have added a line to /etc/postfix/transport:
| 
| aol.com                 smtp:[mail.bellsouth.net]
| 
| This is so that my wife can email her dad (who absolutely refuses
| to give up aol).

This is fine.

| Apparently, postfix looks at the transport table
| before looking at smtpd_recipient_restrictions.

Not so.

| These are the restrictions I have set:
| 
| smtpd_recipient_restrictions = reject_non_fqdn_sender, 
|   reject_non_fqdn_recipient, reject_unknown_sender_domain, 
|   reject_unknown_recipient_domain, permit_sasl_authenticated, 
|   permit_mynetworks, reject_unauth_destination, check_relay_domains

What is the setting of mynetworks?

| Thankfully, Bellsouth rejected my relay attempt:
| 
| Apr 22 20:39:48 santiago postfix/smtp[15834]: 75EC2A0000AD: 
| to=<Liznjorge714@aol.com>, relay=mail.bellsouth.net[205.152.59.17], 
| delay=3, status=bounced (host mail.bellsouth.net[205.152.59.17] said: 
| 550 .net 022: Your current IP address is not allowed to relay to aol.com 
| Solution: Connect using BellSouth Internet Service.)
| 
| However, I would like to prevent this from happening again.  Can anyone
| enlighten me?

What are the rest of the logs for message 75EC2A0000AD?

| Also, I have started encountering strange log messages from one of
| my machines.  I have two identically configured Sid boxes (running
| exim) that relay logcheck updates to my mail server.  One box connects
| just fine:
| 
| Apr 22 22:01:32 santiago postfix/smtpd[16306]: connect from 
| miami.familiasanchez.net[192.168.0.3]
| Apr 22 22:01:32 santiago postfix/smtpd[16306]: setting up TLS connection 
| from miami.familiasanchez.net[192.168.0.3]
| Apr 22 22:01:32 santiago postfix/smtpd[16306]: TLS connection 
| established from miami.familiasanchez.net[192.168.0.3]: TLSv1 with 
| cipher RC4-SHA (128/128 bits)
| Apr 22 22:01:32 santiago postfix/smtpd[16306]: D930BA0000AB: 
| client=miami.familiasanchez.net[192.168.0.3]
| Apr 22 22:01:33 santiago postfix/cleanup[16307]: D930BA0000AB: 
| message-id=<E1BGq0w-0008Vi-7f@miami.familiasanchez.net>
| Apr 22 22:01:33 santiago postfix/qmgr[364]: D930BA0000AB: 
| from=<root@miami.familiasanchez.net>, size=1059, nrcpt=1 (queue active)
| Apr 22 22:01:33 santiago postfix/smtpd[16306]: disconnect from 
| miami.familiasanchez.net[192.168.0.3]
| 
| The other box can also connect, but it generates some errors:
| 
| Apr 22 19:02:03 santiago postfix/smtpd[14987]: connect from 
| mayaguez.familiasanchez.net[192.168.0.2]
| Apr 22 19:02:03 santiago postfix/smtpd[14987]: setting up TLS connection 
| from mayaguez.familiasanchez.net[192.168.0.2]
| Apr 22 19:02:04 santiago postfix/smtpd[14987]: TLS connection 
| established from mayaguez.familiasanchez.net[192.168.0.2]: TLSv1 with 
| cipher RC4-SHA (128/128 bits)
| Apr 22 19:02:04 santiago postfix/smtpd[14987]: warning: 
| mayaguez.familiasanchez.net[192.168.0.2]: SASL CRAM-MD5 authentication 
| failed
| Apr 22 19:02:09 santiago postfix/smtpd[14987]: 1C7B9A0000AB: 
| client=mayaguez.familiasanchez.net[192.168.0.2], sasl_method=PLAIN, 
| sasl_username=roberto, sasl_sender=root@mayaguez.familiasanchez.net
| Apr 22 19:02:09 santiago postfix/cleanup[14988]: 1C7B9A0000AB: 
| message-id=<E1BGnCl-0000sv-NV@mayaguez.familiasanchez.net>
| Apr 22 19:02:09 santiago postfix/qmgr[364]: 1C7B9A0000AB: 
| from=<root@mayaguez.familiasanchez.net>, size=1464, nrcpt=1 (queue active)
| Apr 22 19:02:09 santiago postfix/pipe[14991]: 1C7B9A0000AB: 
| to=<roberto@familiasanchez.net>, relay=cyrus, delay=0, status=sent 
| (santiago.familiasanchez.net)
| Apr 22 19:02:09 santiago postfix/smtpd[14987]: disconnect from 
| mayaguez.familiasanchez.net[192.168.0.2]
| 
| The difference is in the "authentication failed" message.  I receive
| all mails from both boxes, so I guess that they are harmless.
| Nonetheless, I would like to know why only one box generates the error.

The one connection didn't try to authenticate.  It was permitted to
send for other reasons, hence no mention of SASL anywhere.  In the
second set of logs, the sender tried to authenticate but either
provided incorrect credentials or the auth checking on your postfix
machine is not set up correctly.

-D

-- 
Q:  What's the difference between a computer salesman and a used car salesman?
A:  A used car salesman knows when he's lying.
 
www: http://dman13.dyndns.org/~dman/            jabber: dman@dman13.dyndns.org
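
Added example (not part of the original message): a small Python log tracer that does what the reply asks for by hand, joining each queue ID to the smtpd session that accepted it, recording any failed SASL mechanism in that session, and inferring which permit rule from the quoted restriction list let the client in. The sample log, host names, addresses and the mynetworks value are constructed, and the code assumes one log entry per line.

```python
import ipaddress
import re

# Constructed sample modelled on the log format quoted in the thread (not the poster's logs).
SAMPLE_LOG = """\
Apr 22 19:02:03 mx postfix/smtpd[14987]: connect from hosta.example.net[192.0.2.2]
Apr 22 19:02:04 mx postfix/smtpd[14987]: warning: hosta.example.net[192.0.2.2]: SASL CRAM-MD5 authentication failed
Apr 22 19:02:09 mx postfix/smtpd[14987]: AAAA000001: client=hosta.example.net[192.0.2.2], sasl_method=PLAIN, sasl_username=alice
Apr 22 19:02:09 mx postfix/pipe[14991]: AAAA000001: to=<alice@example.net>, relay=cyrus, delay=0, status=sent (mx.example.net)
Apr 22 20:39:45 mx postfix/smtpd[15830]: connect from unknown[198.51.100.7]
Apr 22 20:39:45 mx postfix/smtpd[15830]: BBBB000002: client=unknown[198.51.100.7]
Apr 22 20:39:48 mx postfix/smtp[15834]: BBBB000002: to=<bob@example.com>, relay=relay.example.org[203.0.113.9], delay=3, status=bounced (550 relay denied)
"""

LINE = re.compile(r"postfix/(\w+)\[(\d+)\]: (.*)$", re.M)   # daemon, pid, rest of entry
QUEUED = re.compile(r"([0-9A-F]{6,}): (.*)$")               # queue ID, details
SASL_FAIL = re.compile(r"SASL (\S+) authentication failed")

def trace(log_text):
    """Join every queue ID to the smtpd session that accepted it."""
    failed, msgs = {}, {}        # failed: smtpd pid -> mechanisms that failed this session
    for daemon, pid, rest in LINE.findall(log_text):
        if daemon == "smtpd" and rest.startswith("connect from"):
            failed[pid] = []     # a new session starts on this smtpd process
        elif daemon == "smtpd" and (sf := SASL_FAIL.search(rest)):
            failed.setdefault(pid, []).append(sf.group(1))
        elif q := QUEUED.match(rest):
            qid, detail = q.groups()
            rec = msgs.setdefault(qid, {"client": None, "sasl_user": None, "failed": [], "rcpts": []})
            f = dict(re.findall(r"(\w+)=([^,\s]+)", detail))
            if daemon == "smtpd" and "client" in f:
                rec.update(client=f["client"], sasl_user=f.get("sasl_username"),
                           failed=list(failed.get(pid, [])))
            elif "to" in f:      # delivery agent line: one per recipient
                rec["rcpts"].append((f["to"].strip("<>"), f.get("status")))
    return msgs

def admitted_by(rec, mynetworks):
    """Infer which permit_* rule in the thread's restriction list let the client in."""
    if rec["sasl_user"]:
        return "permit_sasl_authenticated"
    if not rec["client"]:
        return "no smtpd session logged"
    ip = ipaddress.ip_address(rec["client"].rsplit("[", 1)[1].rstrip("]"))
    if any(ip in ipaddress.ip_network(n) for n in mynetworks):
        return "permit_mynetworks"
    return "neither"
```

A result of `neither` for a message addressed to a remote domain is the case to investigate, since with the quoted restrictions such a client should have been stopped at reject_unauth_destination.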
